Attachment 870036 Details for Bug 1216088

SCAP report

report.html (text/html), 3.22 MB, created by Ricardo Branco on 2023-10-10 10:22:10 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ricardo Branco

Created: 2023-10-10 10:22:10 UTC

Size: 3.22 MB

patch

obsolete

><!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_pcs-hardening | OpenSCAP Evaluation Report</title><style>
>/*!
> * Bootstrap v3.3.7 (http://getbootstrap.com)
> * Copyright 2011-2016 Twitter, Inc.
> * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
> */
>
>/*!
> * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf)
> * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf
> *//*!
> * Bootstrap v3.3.7 (http://getbootstrap.com)
> * Copyright 2011-2016 Twitter, Inc.
> * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
> *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{background:transparent !important;color:#000 !important;-webkit-box-shadow:none !important;box-shadow:none !important;text-shadow:none !important}a,a:visited{text-decoration:underline}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:normal;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{background-color:#fcf8e3;padding:.2em}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#428bca}a.text-primary:hover,a.text-primary:focus{color:#3071a9}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#428bca}a.bg-primary:hover,a.bg-primary:focus{background-color:#3071a9}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:bold}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:bold;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;word-break:break-all;word-wrap:break-word;color:#333;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*="col-"]{position:static;float:none;display:table-column}table td[class*="col-"],table th[class*="col-"]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{overflow-x:auto;min-height:0.01%}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#777;opacity:1}.form-control:-ms-input-placeholder{color:#777}.form-control::-webkit-input-placeholder{color:#777}.form-control::-ms-expand{border:0;background-color:transparent}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type="search"]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-left:-20px;margin-top:4px \9}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:normal;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.form-control-static{padding-top:7px;padding-bottom:7px;margin-bottom:0;min-height:34px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.33}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;border-color:#3c763d;background-color:#dff0d8}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;border-color:#8a6d3b;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;border-color:#a94442;background-color:#f2dede}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:7px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{text-align:right;margin-bottom:0;padding-top:7px}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#3071a9;border-color:#193c5a}.btn-primary:hover{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#285e8e;border-color:#193c5a}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#428bca;border-color:#357ebd}.btn-primary .badge{color:#428bca;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{color:#428bca;font-weight:normal;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-top-left-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-left:0;padding-right:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px;height:50px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#e7e7e7;color:#555}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#777}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#777}.navbar-inverse .navbar-nav>li>a{color:#777}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#080808;color:#fff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#777}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#777}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;color:#fff;line-height:1;vertical-align:middle;white-space:nowrap;text-align:center;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#3c763d}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#31708f}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{background-color:#fcf8e3;border-color:#faebcc;color:#8a6d3b}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{background-color:#f2dede;border-color:#ebccd1;color:#a94442}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-left:15px;padding-right:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#428bca}.panel-primary>.panel-heading .badge{color:#428bca;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.modal-open{overflow:hidden}.modal{display:none;overflow:hidden;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);-webkit-background-clip:padding-box;background-clip:padding-box;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}}
>table.treetable span.indenter{display:inline-block;margin:0;padding:0;text-align:right;user-select:none;-khtml-user-select:none;-moz-user-select:none;-o-user-select:none;-webkit-user-select:none;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;width:19px}table.treetable span.indenter a{background-position:left center;background-repeat:no-repeat;display:inline-block;text-decoration:none;width:19px}table.treetable tr.collapsed span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHlJREFUeNrcU1sNgDAQ6wgmcAM2MICGGlg1gJnNzWQcvwQGy1j4oUl/7tH0mpwzM7SgQyO+EZAUWh2MkkzSWhJwuRAlHYsJwEwyvs1gABDuzqoJcTw5qxaIJN0bgQRgIjnlmn1heSO5PE6Y2YXe+5Cr5+h++gs12AcAS6FS+7YOsj4AAAAASUVORK5CYII=)}table.treetable tr.expanded span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHFJREFUeNpi/P//PwMlgImBQsA44C6gvhfa29v3MzAwOODRc6CystIRbxi0t7fjDJjKykpGYrwwi1hxnLHQ3t7+jIGBQRJJ6HllZaUUKYEYRYBPOB0gBShKwKGA////48VtbW3/8clTnBIH3gCKkzJgAGvBX0dDm0sCAAAAAElFTkSuQmCC)}table.treetable tr.branch{background-color:#f9f9f9}table.treetable tr.selected{background-color:#3875d7;color:#fff}table.treetable tr span.indenter a{outline:0}tr.rule-overview-needs-attention td a{color:#d9534f}td.rule-result div,span.rule-result{text-align:center;font-weight:bold;color:#fff;background:gray}td.rule-result-fail div,span.rule-result-fail{background:#d9534f}td.rule-result-error div,span.rule-result-error{background:#d9534f}td.rule-result-unknown div,span.rule-result-unknown{background:#f0ad4e}td.rule-result-pass div,span.rule-result-pass{background:#5cb85c}td.rule-result-fixed div,span.rule-result-fixed{background:#5cb85c}.js-only{display:none}.rule-result-filtered,.rule-result-filtered>*{display:none !important}.search-no-match,.search-no-match>*{display:none !important}.rule-detail-fail,.rule-detail-error,.rule-detail-unknown{border:2px solid #d9534f}#footer{text-align:center;margin-top:50px}pre{overflow:auto !important;word-wrap:normal !important;white-space:pre-wrap}div.check-system-details,div.remediation,div.description{width:0;min-width:100%;overflow-x:auto}div.profile-description{white-space:pre-wrap}div.modal-body{margin:50px;padding:0}div.horizontal-scroll{overflow-x:auto}div.top-spacer-10{margin-top:10px}@media print{.noprint{display:none}.label{border:0;padding:0}.container{width:100%}abbr[title]{border:0;text-decoration:none}div.progress{overflow:visible;height:auto}div.progress-bar{width:auto;float:none;width:auto !important;text-align:left}div.panel-body{padding:4px}}</style><script>
>/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */
>!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(e.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:g,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(n.isPlainObject(c)||(b=n.isArray(c)))?(b?(b=!1,f=a&&n.isArray(a)?a:[]):f=a&&n.isPlainObject(a)?a:{},g[d]=n.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray||function(a){return"array"===n.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){var b=a&&a.toString();return!n.isArray(a)&&b-parseFloat(b)+1>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==n.type(a)||a.nodeType||n.isWindow(a))return!1;try{if(a.constructor&&!k.call(a,"constructor")&&!k.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(!l.ownFirst)for(b in a)return k.call(a,b);for(b in a);return void 0===b||k.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?i[j.call(a)]||"object":typeof a},globalEval:function(b){b&&n.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):g.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(h)return h.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,g=0,h=[];if(s(a))for(d=a.length;d>g;g++)e=b(a[g],g,c),null!=e&&h.push(e);else for(g in a)e=b(a[g],g,c),null!=e&&h.push(e);return f.apply([],h)},guid:1,proxy:function(a,b){var c,d,f;return"string"==typeof b&&(f=a[b],b=a,a=f),n.isFunction(a)?(c=e.call(arguments,2),d=function(){return a.apply(b||this,c.concat(e.call(arguments)))},d.guid=a.guid=a.guid||n.guid++,d):void 0},now:function(){return+new Date},support:l}),"function"==typeof Symbol&&(n.fn[Symbol.iterator]=c[Symbol.iterator]),n.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){i["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=!!a&&"length"in a&&a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+M+"))|)"+L+"*\\]",O=":("+M+")(?:\$(('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+N+")*)|.*)\$|)",P=new RegExp(L+"+","g"),Q=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),R=new RegExp("^"+L+"*,"+L+"*"),S=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),T=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),U=new RegExp(O),V=new RegExp("^"+M+"$"),W={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M+"|[*])"),ATTR:new RegExp("^"+N),PSEUDO:new RegExp("^"+O),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\$"+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\$|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\$"+L+"*((?:-\\d)?\\d*)"+L+"*\$|)(?=[^-]|$)","i")},X=/^(?:input|select|textarea|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,_=/[+~]/,aa=/'|\\/g,ba=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),ca=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},da=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(ea){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function fa(a,b,d,e){var f,h,j,k,l,o,r,s,w=b&&b.ownerDocument,x=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==x&&9!==x&&11!==x)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==x&&(o=$.exec(a)))if(f=o[1]){if(9===x){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(w&&(j=w.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(o[2])return H.apply(d,b.getElementsByTagName(a)),d;if((f=o[3])&&c.getElementsByClassName&&b.getElementsByClassName)return H.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==x)w=b,s=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)||b}if(s)try{return H.apply(d,w.querySelectorAll(s)),d}catch(y){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(Q,"$1"),b,d,e)}function ga(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ha(a){return a[u]=!0,a}function ia(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ja(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function ka(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function la(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function na(a){return ha(function(b){return b=+b,ha(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function oa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=fa.support={},f=fa.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ia(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ia(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Z.test(n.getElementsByClassName),c.getById=ia(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\r\\' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ia(function(a){var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Z.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ia(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",O)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Z.test(o.compareDocumentPosition),t=b||Z.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return ka(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?ka(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},fa.matches=function(a,b){return fa(a,null,null,b)},fa.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(T,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return fa(b,n,null,[a]).length>0},fa.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},fa.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},fa.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=fa.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=fa.selectors={cacheLength:50,createPseudo:ha,match:W,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ba,ca),a[3]=(a[3]||a[4]||a[5]||"").replace(ba,ca),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||fa.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&fa.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return W.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&U.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ba,ca).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=fa.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(P," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||fa.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ha(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ha(function(a){var b=[],c=[],d=h(a.replace(Q,"$1"));return d[u]?ha(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ha(function(a){return function(b){return fa(a,b).length>0}}),contains:ha(function(a){return a=a.replace(ba,ca),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ha(function(a){return V.test(a||"")||fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Y.test(a.nodeName)},input:function(a){return X.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:na(function(){return[0]}),last:na(function(a,b){return[b-1]}),eq:na(function(a,b,c){return[0>c?c+b:c]}),even:na(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:na(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:na(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:na(function(a,b,c){for(var d=0>c?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=la(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=ma(b);function pa(){}pa.prototype=d.filters=d.pseudos,d.setFilters=new pa,g=fa.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){c&&!(e=R.exec(h))||(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=S.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(Q," ")}),h=h.slice(c.length));for(g in d.filter)!(e=W[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?fa.error(a):z(a,i).slice(0)};function qa(a){for(var b=0,c=a.length,d="";c>b;b++)d+=a[b].value;return d}function ra(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j,k=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(j=b[u]||(b[u]={}),i=j[b.uniqueID]||(j[b.uniqueID]={}),(h=i[d])&&h[0]===w&&h[1]===f)return k[2]=h[2];if(i[d]=k,k[2]=a(b,c,g))return!0}}}function sa(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ta(a,b,c){for(var d=0,e=b.length;e>d;d++)fa(a,b[d],c);return c}function ua(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(c&&!c(f,d,e)||(g.push(f),j&&b.push(h)));return g}function va(a,b,c,d,e,f){return d&&!d[u]&&(d=va(d)),e&&!e[u]&&(e=va(e,f)),ha(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ta(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:ua(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=ua(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=ua(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function wa(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ra(function(a){return a===b},h,!0),l=ra(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[ra(sa(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return va(i>1&&sa(m),i>1&&qa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(Q,"$1"),c,e>i&&wa(a.slice(i,e)),f>e&&wa(a=a.slice(e)),f>e&&qa(a))}m.push(c)}return sa(m)}function xa(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=F.call(i));u=ua(u)}H.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&fa.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ha(f):f}return h=fa.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=wa(b[c]),f[u]?d.push(f):e.push(f);f=A(a,xa(e,d)),f.selector=a}return f},i=fa.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(ba,ca),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=W.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(ba,ca),_.test(j[0].type)&&oa(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&qa(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,!b||_.test(a)&&oa(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ia(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ia(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ja("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ia(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ja("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ia(function(a){return null==a.getAttribute("disabled")})||ja(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),fa}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.uniqueSort=n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},v=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},w=n.expr.match.needsContext,x=/^<([\w-]+)\s*\/?>(?:<\/\1>|)$/,y=/^.[^:#\[\.,]*$/;function z(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(y.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return n.inArray(a,b)>-1!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=[],d=this,e=d.length;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;e>b;b++)if(n.contains(d[b],this))return!0}));for(b=0;e>b;b++)n.find(a,d[b],c);return c=this.pushStack(e>1?n.unique(c):c),c.selector=this.selector?this.selector+" "+a:a,c},filter:function(a){return this.pushStack(z(this,a||[],!1))},not:function(a){return this.pushStack(z(this,a||[],!0))},is:function(a){return!!z(this,"string"==typeof a&&w.test(a)?n(a):a||[],!1).length}});var A,B=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=n.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||A,"string"==typeof a){if(e="<"===a.charAt(0)&&">"===a.charAt(a.length-1)&&a.length>=3?[null,a,null]:B.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),x.test(e[1])&&n.isPlainObject(b))for(e in b)n.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}if(f=d.getElementById(e[2]),f&&f.parentNode){if(f.id!==e[2])return A.find(a);this.length=1,this[0]=f}return this.context=d,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof c.ready?c.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};C.prototype=n.fn,A=n(d);var D=/^(?:parents|prev(?:Until|All))/,E={children:!0,contents:!0,next:!0,prev:!0};n.fn.extend({has:function(a){var b,c=n(a,this),d=c.length;return this.filter(function(){for(b=0;d>b;b++)if(n.contains(this,c[b]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=w.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?n.inArray(this[0],n(a)):n.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.uniqueSort(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function F(a,b){do a=a[b];while(a&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return u(a,"parentNode")},parentsUntil:function(a,b,c){return u(a,"parentNode",c)},next:function(a){return F(a,"nextSibling")},prev:function(a){return F(a,"previousSibling")},nextAll:function(a){return u(a,"nextSibling")},prevAll:function(a){return u(a,"previousSibling")},nextUntil:function(a,b,c){return u(a,"nextSibling",c)},prevUntil:function(a,b,c){return u(a,"previousSibling",c)},siblings:function(a){return v((a.parentNode||{}).firstChild,a)},children:function(a){return v(a.firstChild)},contents:function(a){return n.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(E[a]||(e=n.uniqueSort(e)),D.test(a)&&(e=e.reverse())),this.pushStack(e)}});var G=/\S+/g;function H(a){var b={};return n.each(a.match(G)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?H(a):n.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h<f.length)f[h].apply(c[0],c[1])===!1&&a.stopOnFalse&&(h=f.length,c=!1)}a.memory||(c=!1),b=!1,e&&(f=c?[]:"")},j={add:function(){return f&&(c&&!b&&(h=f.length-1,g.push(c)),function d(b){n.each(b,function(b,c){n.isFunction(c)?a.unique&&j.has(c)||f.push(c):c&&c.length&&"string"!==n.type(c)&&d(c)})}(arguments),c&&!b&&i()),this},remove:function(){return n.each(arguments,function(a,b){var c;while((c=n.inArray(b,f,c))>-1)f.splice(c,1),h>=c&&h--}),this},has:function(a){return a?n.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=!0,c||j.disable(),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().progress(c.notify).done(c.resolve).fail(c.reject):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=e.call(arguments),d=c.length,f=1!==d||a&&n.isFunction(a.promise)?d:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?e.call(arguments):d,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(d>1)for(i=new Array(d),j=new Array(d),k=new Array(d);d>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().progress(h(b,j,i)).done(h(b,k,c)).fail(g.reject):--f;return f||g.resolveWith(k,c),g.promise()}});var I;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(I.resolveWith(d,[n]),n.fn.triggerHandler&&(n(d).triggerHandler("ready"),n(d).off("ready"))))}});function J(){d.addEventListener?(d.removeEventListener("DOMContentLoaded",K),a.removeEventListener("load",K)):(d.detachEvent("onreadystatechange",K),a.detachEvent("onload",K))}function K(){(d.addEventListener||"load"===a.event.type||"complete"===d.readyState)&&(J(),n.ready())}n.ready.promise=function(b){if(!I)if(I=n.Deferred(),"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll)a.setTimeout(n.ready);else if(d.addEventListener)d.addEventListener("DOMContentLoaded",K),a.addEventListener("load",K);else{d.attachEvent("onreadystatechange",K),a.attachEvent("onload",K);var c=!1;try{c=null==a.frameElement&&d.documentElement}catch(e){}c&&c.doScroll&&!function f(){if(!n.isReady){try{c.doScroll("left")}catch(b){return a.setTimeout(f,50)}J(),n.ready()}}()}return I.promise(b)},n.ready.promise();var L;for(L in n(l))break;l.ownFirst="0"===L,l.inlineBlockNeedsLayout=!1,n(function(){var a,b,c,e;c=d.getElementsByTagName("body")[0],c&&c.style&&(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="display:inline;margin:0;border:0;padding:1px;width:1px;zoom:1",l.inlineBlockNeedsLayout=a=3===b.offsetWidth,a&&(c.style.zoom=1)),c.removeChild(e))}),function(){var a=d.createElement("div");l.deleteExpando=!0;try{delete a.test}catch(b){l.deleteExpando=!1}a=null}();var M=function(a){var b=n.noData[(a.nodeName+" ").toLowerCase()],c=+a.nodeType||1;return 1!==c&&9!==c?!1:!b||b!==!0&&a.getAttribute("classid")===b},N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){if(void 0===c&&1===a.nodeType){var d="data-"+b.replace(O,"-$1").toLowerCase();if(c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}n.data(a,b,c)}else c=void 0;
>}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,d,e){if(M(a)){var f,g,h=n.expando,i=a.nodeType,j=i?n.cache:a,k=i?a[h]:a[h]&&h;if(k&&j[k]&&(e||j[k].data)||void 0!==d||"string"!=typeof b)return k||(k=i?a[h]=c.pop()||n.guid++:h),j[k]||(j[k]=i?{}:{toJSON:n.noop}),"object"!=typeof b&&"function"!=typeof b||(e?j[k]=n.extend(j[k],b):j[k].data=n.extend(j[k].data,b)),g=j[k],e||(g.data||(g.data={}),g=g.data),void 0!==d&&(g[n.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[n.camelCase(b)])):f=g,f}}function S(a,b,c){if(M(a)){var d,e,f=a.nodeType,g=f?n.cache:a,h=f?a[n.expando]:n.expando;if(g[h]){if(b&&(d=c?g[h]:g[h].data)){n.isArray(b)?b=b.concat(n.map(b,n.camelCase)):b in d?b=[b]:(b=n.camelCase(b),b=b in d?[b]:b.split(" ")),e=b.length;while(e--)delete d[b[e]];if(c?!Q(d):!n.isEmptyObject(d))return}(c||(delete g[h].data,Q(g[h])))&&(f?n.cleanData([a],!0):l.deleteExpando||g!=g.window?delete g[h]:g[h]=void 0)}}}n.extend({cache:{},noData:{"applet ":!0,"embed ":!0,"object ":"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(a){return a=a.nodeType?n.cache[a[n.expando]]:a[n.expando],!!a&&!Q(a)},data:function(a,b,c){return R(a,b,c)},removeData:function(a,b){return S(a,b)},_data:function(a,b,c){return R(a,b,c,!0)},_removeData:function(a,b){return S(a,b,!0)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=n.data(f),1===f.nodeType&&!n._data(f,"parsedAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));n._data(f,"parsedAttrs",!0)}return e}return"object"==typeof a?this.each(function(){n.data(this,a)}):arguments.length>1?this.each(function(){n.data(this,a,b)}):f?P(f,a,n.data(f,a)):void 0},removeData:function(a){return this.each(function(){n.removeData(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=n._data(a,b),c&&(!d||n.isArray(c)?d=n._data(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return n._data(a,c)||n._data(a,c,{empty:n.Callbacks("once memory").add(function(){n._removeData(a,b+"queue"),n._removeData(a,c)})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?n.queue(this[0],a):void 0===b?this:this.each(function(){var c=n.queue(this,a,b);n._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&n.dequeue(this,a)})},dequeue:function(a){return this.each(function(){n.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=n.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=n._data(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}}),function(){var a;l.shrinkWrapBlocks=function(){if(null!=a)return a;a=!1;var b,c,e;return c=d.getElementsByTagName("body")[0],c&&c.style?(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:1px;width:1px;zoom:1",b.appendChild(d.createElement("div")).style.width="5px",a=3!==b.offsetWidth),c.removeChild(e),a):void 0}}();var T=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,U=new RegExp("^(?:([+-])=|)("+T+")([a-z%]*)$","i"),V=["Top","Right","Bottom","Left"],W=function(a,b){return a=b||a,"none"===n.css(a,"display")||!n.contains(a.ownerDocument,a)};function X(a,b,c,d){var e,f=1,g=20,h=d?function(){return d.cur()}:function(){return n.css(a,b,"")},i=h(),j=c&&c[3]||(n.cssNumber[b]?"":"px"),k=(n.cssNumber[b]||"px"!==j&&+i)&&U.exec(n.css(a,b));if(k&&k[3]!==j){j=j||k[3],c=c||[],k=+i||1;do f=f||".5",k/=f,n.style(a,b,k+j);while(f!==(f=h()/i)&&1!==f&&--g)}return c&&(k=+k||+i||0,e=c[1]?k+(c[1]+1)*c[2]:+c[2],d&&(d.unit=j,d.start=k,d.end=e)),e}var Y=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)Y(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},Z=/^(?:checkbox|radio)$/i,$=/<([\w:-]+)/,_=/^$|\/(?:java|ecma)script/i,aa=/^\s+/,ba="abbr|article|aside|audio|bdi|canvas|data|datalist|details|dialog|figcaption|figure|footer|header|hgroup|main|mark|meter|nav|output|picture|progress|section|summary|template|time|video";function ca(a){var b=ba.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}!function(){var a=d.createElement("div"),b=d.createDocumentFragment(),c=d.createElement("input");a.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",l.leadingWhitespace=3===a.firstChild.nodeType,l.tbody=!a.getElementsByTagName("tbody").length,l.htmlSerialize=!!a.getElementsByTagName("link").length,l.html5Clone="<:nav></:nav>"!==d.createElement("nav").cloneNode(!0).outerHTML,c.type="checkbox",c.checked=!0,b.appendChild(c),l.appendChecked=c.checked,a.innerHTML="<textarea>x</textarea>",l.noCloneChecked=!!a.cloneNode(!0).lastChild.defaultValue,b.appendChild(a),c=d.createElement("input"),c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),a.appendChild(c),l.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,l.noCloneEvent=!!a.addEventListener,a[n.expando]=1,l.attributes=!a.getAttribute(n.expando)}();var da={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],area:[1,"<map>","</map>"],param:[1,"<object>","</object>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:l.htmlSerialize?[0,"",""]:[1,"X<div>","</div>"]};da.optgroup=da.option,da.tbody=da.tfoot=da.colgroup=da.caption=da.thead,da.th=da.td;function ea(a,b){var c,d,e=0,f="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):void 0;if(!f)for(f=[],c=a.childNodes||a;null!=(d=c[e]);e++)!b||n.nodeName(d,b)?f.push(d):n.merge(f,ea(d,b));return void 0===b||b&&n.nodeName(a,b)?n.merge([a],f):f}function fa(a,b){for(var c,d=0;null!=(c=a[d]);d++)n._data(c,"globalEval",!b||n._data(b[d],"globalEval"))}var ga=/<|&#?\w+;/,ha=/<tbody/i;function ia(a){Z.test(a.type)&&(a.defaultChecked=a.checked)}function ja(a,b,c,d,e){for(var f,g,h,i,j,k,m,o=a.length,p=ca(b),q=[],r=0;o>r;r++)if(g=a[r],g||0===g)if("object"===n.type(g))n.merge(q,g.nodeType?[g]:g);else if(ga.test(g)){i=i||p.appendChild(b.createElement("div")),j=($.exec(g)||["",""])[1].toLowerCase(),m=da[j]||da._default,i.innerHTML=m[1]+n.htmlPrefilter(g)+m[2],f=m[0];while(f--)i=i.lastChild;if(!l.leadingWhitespace&&aa.test(g)&&q.push(b.createTextNode(aa.exec(g)[0])),!l.tbody){g="table"!==j||ha.test(g)?"<table>"!==m[1]||ha.test(g)?0:i:i.firstChild,f=g&&g.childNodes.length;while(f--)n.nodeName(k=g.childNodes[f],"tbody")&&!k.childNodes.length&&g.removeChild(k)}n.merge(q,i.childNodes),i.textContent="";while(i.firstChild)i.removeChild(i.firstChild);i=p.lastChild}else q.push(b.createTextNode(g));i&&p.removeChild(i),l.appendChecked||n.grep(ea(q,"input"),ia),r=0;while(g=q[r++])if(d&&n.inArray(g,d)>-1)e&&e.push(g);else if(h=n.contains(g.ownerDocument,g),i=ea(p.appendChild(g),"script"),h&&fa(i),c){f=0;while(g=i[f++])_.test(g.type||"")&&c.push(g)}return i=null,p}!function(){var b,c,e=d.createElement("div");for(b in{submit:!0,change:!0,focusin:!0})c="on"+b,(l[b]=c in a)||(e.setAttribute(c,"t"),l[b]=e.attributes[c].expando===!1);e=null}();var ka=/^(?:input|select|textarea)$/i,la=/^key/,ma=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,na=/^(?:focusinfocus|focusoutblur)$/,oa=/^([^.]*)(?:\.(.+)|)/;function pa(){return!0}function qa(){return!1}function ra(){try{return d.activeElement}catch(a){}}function sa(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)sa(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=qa;else if(!e)return a;return 1===f&&(g=e,e=function(a){return n().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=n.guid++)),a.each(function(){n.event.add(this,b,e,d,c)})}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n._data(a);if(r){c.handler&&(i=c,c=i.handler,e=i.selector),c.guid||(c.guid=n.guid++),(g=r.events)||(g=r.events={}),(k=r.handle)||(k=r.handle=function(a){return"undefined"==typeof n||a&&n.event.triggered===a.type?void 0:n.event.dispatch.apply(k.elem,arguments)},k.elem=a),b=(b||"").match(G)||[""],h=b.length;while(h--)f=oa.exec(b[h])||[],o=q=f[1],p=(f[2]||"").split(".").sort(),o&&(j=n.event.special[o]||{},o=(e?j.delegateType:j.bindType)||o,j=n.event.special[o]||{},l=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},i),(m=g[o])||(m=g[o]=[],m.delegateCount=0,j.setup&&j.setup.call(a,d,p,k)!==!1||(a.addEventListener?a.addEventListener(o,k,!1):a.attachEvent&&a.attachEvent("on"+o,k))),j.add&&(j.add.call(a,l),l.handler.guid||(l.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,l):m.push(l),n.event.global[o]=!0);a=null}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n.hasData(a)&&n._data(a);if(r&&(k=r.events)){b=(b||"").match(G)||[""],j=b.length;while(j--)if(h=oa.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=k[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),i=f=m.length;while(f--)g=m[f],!e&&q!==g.origType||c&&c.guid!==g.guid||h&&!h.test(g.namespace)||d&&d!==g.selector&&("**"!==d||!g.selector)||(m.splice(f,1),g.selector&&m.delegateCount--,l.remove&&l.remove.call(a,g));i&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete k[o])}else for(o in k)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(k)&&(delete r.handle,n._removeData(a,"events"))}},trigger:function(b,c,e,f){var g,h,i,j,l,m,o,p=[e||d],q=k.call(b,"type")?b.type:b,r=k.call(b,"namespace")?b.namespace.split("."):[];if(i=m=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!na.test(q+n.event.triggered)&&(q.indexOf(".")>-1&&(r=q.split("."),q=r.shift(),r.sort()),h=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=r.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=e),c=null==c?[b]:n.makeArray(c,[b]),l=n.event.special[q]||{},f||!l.trigger||l.trigger.apply(e,c)!==!1)){if(!f&&!l.noBubble&&!n.isWindow(e)){for(j=l.delegateType||q,na.test(j+q)||(i=i.parentNode);i;i=i.parentNode)p.push(i),m=i;m===(e.ownerDocument||d)&&p.push(m.defaultView||m.parentWindow||a)}o=0;while((i=p[o++])&&!b.isPropagationStopped())b.type=o>1?j:l.bindType||q,g=(n._data(i,"events")||{})[b.type]&&n._data(i,"handle"),g&&g.apply(i,c),g=h&&i[h],g&&g.apply&&M(i)&&(b.result=g.apply(i,c),b.result===!1&&b.preventDefault());if(b.type=q,!f&&!b.isDefaultPrevented()&&(!l._default||l._default.apply(p.pop(),c)===!1)&&M(e)&&h&&e[q]&&!n.isWindow(e)){m=e[h],m&&(e[h]=null),n.event.triggered=q;try{e[q]()}catch(s){}n.event.triggered=void 0,m&&(e[h]=m)}return b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,d,f,g,h=[],i=e.call(arguments),j=(n._data(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())a.rnamespace&&!a.rnamespace.test(g.namespace)||(a.handleObj=g,a.data=g.data,d=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==d&&(a.result=d)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&("click"!==a.type||isNaN(a.button)||a.button<1))for(;i!=this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>-1:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h<b.length&&g.push({elem:this,handlers:b.slice(h)}),g},fix:function(a){if(a[n.expando])return a;var b,c,e,f=a.type,g=a,h=this.fixHooks[f];h||(this.fixHooks[f]=h=ma.test(f)?this.mouseHooks:la.test(f)?this.keyHooks:{}),e=h.props?this.props.concat(h.props):this.props,a=new n.Event(g),b=e.length;while(b--)c=e[b],a[c]=g[c];return a.target||(a.target=g.srcElement||d),3===a.target.nodeType&&(a.target=a.target.parentNode),a.metaKey=!!a.metaKey,h.filter?h.filter(a,g):a},props:"altKey bubbles cancelable ctrlKey currentTarget detail eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){return null==a.which&&(a.which=null!=b.charCode?b.charCode:b.keyCode),a}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,b){var c,e,f,g=b.button,h=b.fromElement;return null==a.pageX&&null!=b.clientX&&(e=a.target.ownerDocument||d,f=e.documentElement,c=e.body,a.pageX=b.clientX+(f&&f.scrollLeft||c&&c.scrollLeft||0)-(f&&f.clientLeft||c&&c.clientLeft||0),a.pageY=b.clientY+(f&&f.scrollTop||c&&c.scrollTop||0)-(f&&f.clientTop||c&&c.clientTop||0)),!a.relatedTarget&&h&&(a.relatedTarget=h===a.target?b.toElement:h),a.which||void 0===g||(a.which=1&g?1:2&g?3:4&g?2:0),a}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==ra()&&this.focus)try{return this.focus(),!1}catch(a){}},delegateType:"focusin"},blur:{trigger:function(){return this===ra()&&this.blur?(this.blur(),!1):void 0},delegateType:"focusout"},click:{trigger:function(){return n.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):void 0},_default:function(a){return n.nodeName(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}},simulate:function(a,b,c){var d=n.extend(new n.Event,c,{type:a,isSimulated:!0});n.event.trigger(d,null,b),d.isDefaultPrevented()&&c.preventDefault()}},n.removeEvent=d.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c)}:function(a,b,c){var d="on"+b;a.detachEvent&&("undefined"==typeof a[d]&&(a[d]=null),a.detachEvent(d,c))},n.Event=function(a,b){return this instanceof n.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?pa:qa):this.type=a,b&&n.extend(this,b),this.timeStamp=a&&a.timeStamp||n.now(),void(this[n.expando]=!0)):new n.Event(a,b)},n.Event.prototype={constructor:n.Event,isDefaultPrevented:qa,isPropagationStopped:qa,isImmediatePropagationStopped:qa,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=pa,a&&(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=pa,a&&!this.isSimulated&&(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=pa,a&&a.stopImmediatePropagation&&a.stopImmediatePropagation(),this.stopPropagation()}},n.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){n.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return e&&(e===d||n.contains(d,e))||(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),l.submit||(n.event.special.submit={setup:function(){return n.nodeName(this,"form")?!1:void n.event.add(this,"click._submit keypress._submit",function(a){var b=a.target,c=n.nodeName(b,"input")||n.nodeName(b,"button")?n.prop(b,"form"):void 0;c&&!n._data(c,"submit")&&(n.event.add(c,"submit._submit",function(a){a._submitBubble=!0}),n._data(c,"submit",!0))})},postDispatch:function(a){a._submitBubble&&(delete a._submitBubble,this.parentNode&&!a.isTrigger&&n.event.simulate("submit",this.parentNode,a))},teardown:function(){return n.nodeName(this,"form")?!1:void n.event.remove(this,"._submit")}}),l.change||(n.event.special.change={setup:function(){return ka.test(this.nodeName)?("checkbox"!==this.type&&"radio"!==this.type||(n.event.add(this,"propertychange._change",function(a){"checked"===a.originalEvent.propertyName&&(this._justChanged=!0)}),n.event.add(this,"click._change",function(a){this._justChanged&&!a.isTrigger&&(this._justChanged=!1),n.event.simulate("change",this,a)})),!1):void n.event.add(this,"beforeactivate._change",function(a){var b=a.target;ka.test(b.nodeName)&&!n._data(b,"change")&&(n.event.add(b,"change._change",function(a){!this.parentNode||a.isSimulated||a.isTrigger||n.event.simulate("change",this.parentNode,a)}),n._data(b,"change",!0))})},handle:function(a){var b=a.target;return this!==b||a.isSimulated||a.isTrigger||"radio"!==b.type&&"checkbox"!==b.type?a.handleObj.handler.apply(this,arguments):void 0},teardown:function(){return n.event.remove(this,"._change"),!ka.test(this.nodeName)}}),l.focusin||n.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){n.event.simulate(b,a.target,n.event.fix(a))};n.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=n._data(d,b);e||d.addEventListener(a,c,!0),n._data(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=n._data(d,b)-1;e?n._data(d,b,e):(d.removeEventListener(a,c,!0),n._removeData(d,b))}}}),n.fn.extend({on:function(a,b,c,d){return sa(this,a,b,c,d)},one:function(a,b,c,d){return sa(this,a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,n(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return b!==!1&&"function"!=typeof b||(c=b,b=void 0),c===!1&&(c=qa),this.each(function(){n.event.remove(this,a,c,b)})},trigger:function(a,b){return this.each(function(){n.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];return c?n.event.trigger(a,b,c,!0):void 0}});var ta=/ jQuery\d+="(?:null|\d+)"/g,ua=new RegExp("<(?:"+ba+")[\\s/>]","i"),va=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,wa=/<script|<style|<link/i,xa=/checked\s*(?:[^=]|=\s*.checked.)/i,ya=/^true\/(.*)/,za=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,Aa=ca(d),Ba=Aa.appendChild(d.createElement("div"));function Ca(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function Da(a){return a.type=(null!==n.find.attr(a,"type"))+"/"+a.type,a}function Ea(a){var b=ya.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Fa(a,b){if(1===b.nodeType&&n.hasData(a)){var c,d,e,f=n._data(a),g=n._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;e>d;d++)n.event.add(b,c,h[c][d])}g.data&&(g.data=n.extend({},g.data))}}function Ga(a,b){var c,d,e;if(1===b.nodeType){if(c=b.nodeName.toLowerCase(),!l.noCloneEvent&&b[n.expando]){e=n._data(b);for(d in e.events)n.removeEvent(b,d,e.handle);b.removeAttribute(n.expando)}"script"===c&&b.text!==a.text?(Da(b).text=a.text,Ea(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),l.html5Clone&&a.innerHTML&&!n.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):"input"===c&&Z.test(a.type)?(b.defaultChecked=b.checked=a.checked,b.value!==a.value&&(b.value=a.value)):"option"===c?b.defaultSelected=b.selected=a.defaultSelected:"input"!==c&&"textarea"!==c||(b.defaultValue=a.defaultValue)}}function Ha(a,b,c,d){b=f.apply([],b);var e,g,h,i,j,k,m=0,o=a.length,p=o-1,q=b[0],r=n.isFunction(q);if(r||o>1&&"string"==typeof q&&!l.checkClone&&xa.test(q))return a.each(function(e){var f=a.eq(e);r&&(b[0]=q.call(this,e,f.html())),Ha(f,b,c,d)});if(o&&(k=ja(b,a[0].ownerDocument,!1,a,d),e=k.firstChild,1===k.childNodes.length&&(k=e),e||d)){for(i=n.map(ea(k,"script"),Da),h=i.length;o>m;m++)g=k,m!==p&&(g=n.clone(g,!0,!0),h&&n.merge(i,ea(g,"script"))),c.call(a[m],g,m);if(h)for(j=i[i.length-1].ownerDocument,n.map(i,Ea),m=0;h>m;m++)g=i[m],_.test(g.type||"")&&!n._data(g,"globalEval")&&n.contains(j,g)&&(g.src?n._evalUrl&&n._evalUrl(g.src):n.globalEval((g.text||g.textContent||g.innerHTML||"").replace(za,"")));k=e=null}return a}function Ia(a,b,c){for(var d,e=b?n.filter(b,a):a,f=0;null!=(d=e[f]);f++)c||1!==d.nodeType||n.cleanData(ea(d)),d.parentNode&&(c&&n.contains(d.ownerDocument,d)&&fa(ea(d,"script")),d.parentNode.removeChild(d));return a}n.extend({htmlPrefilter:function(a){return a.replace(va,"<$1></$2>")},clone:function(a,b,c){var d,e,f,g,h,i=n.contains(a.ownerDocument,a);if(l.html5Clone||n.isXMLDoc(a)||!ua.test("<"+a.nodeName+">")?f=a.cloneNode(!0):(Ba.innerHTML=a.outerHTML,Ba.removeChild(f=Ba.firstChild)),!(l.noCloneEvent&&l.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(d=ea(f),h=ea(a),g=0;null!=(e=h[g]);++g)d[g]&&Ga(e,d[g]);if(b)if(c)for(h=h||ea(a),d=d||ea(f),g=0;null!=(e=h[g]);g++)Fa(e,d[g]);else Fa(a,f);return d=ea(f,"script"),d.length>0&&fa(d,!i&&ea(a,"script")),d=h=e=null,f},cleanData:function(a,b){for(var d,e,f,g,h=0,i=n.expando,j=n.cache,k=l.attributes,m=n.event.special;null!=(d=a[h]);h++)if((b||M(d))&&(f=d[i],g=f&&j[f])){if(g.events)for(e in g.events)m[e]?n.event.remove(d,e):n.removeEvent(d,e,g.handle);j[f]&&(delete j[f],k||"undefined"==typeof d.removeAttribute?d[i]=void 0:d.removeAttribute(i),c.push(f))}}}),n.fn.extend({domManip:Ha,detach:function(a){return Ia(this,a,!0)},remove:function(a){return Ia(this,a)},text:function(a){return Y(this,function(a){return void 0===a?n.text(this):this.empty().append((this[0]&&this[0].ownerDocument||d).createTextNode(a))},null,a,arguments.length)},append:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.appendChild(a)}})},prepend:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var a,b=0;null!=(a=this[b]);b++){1===a.nodeType&&n.cleanData(ea(a,!1));while(a.firstChild)a.removeChild(a.firstChild);a.options&&n.nodeName(a,"select")&&(a.options.length=0)}return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return Y(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a)return 1===b.nodeType?b.innerHTML.replace(ta,""):void 0;if("string"==typeof a&&!wa.test(a)&&(l.htmlSerialize||!ua.test(a))&&(l.leadingWhitespace||!aa.test(a))&&!da[($.exec(a)||["",""])[1].toLowerCase()]){a=n.htmlPrefilter(a);try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(ea(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=[];return Ha(this,arguments,function(b){var c=this.parentNode;n.inArray(this,a)<0&&(n.cleanData(ea(this)),c&&c.replaceChild(b,this))},a)}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=0,e=[],f=n(a),h=f.length-1;h>=d;d++)c=d===h?this:this.clone(!0),n(f[d])[b](c),g.apply(e,c.get());return this.pushStack(e)}});var Ja,Ka={HTML:"block",BODY:"block"};function La(a,b){var c=n(b.createElement(a)).appendTo(b.body),d=n.css(c[0],"display");return c.detach(),d}function Ma(a){var b=d,c=Ka[a];return c||(c=La(a,b),"none"!==c&&c||(Ja=(Ja||n("<iframe frameborder='0' width='0' height='0'/>")).appendTo(b.documentElement),b=(Ja[0].contentWindow||Ja[0].contentDocument).document,b.write(),b.close(),c=La(a,b),Ja.detach()),Ka[a]=c),c}var Na=/^margin/,Oa=new RegExp("^("+T+")(?!px)[a-z%]+$","i"),Pa=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e},Qa=d.documentElement;!function(){var b,c,e,f,g,h,i=d.createElement("div"),j=d.createElement("div");if(j.style){j.style.cssText="float:left;opacity:.5",l.opacity="0.5"===j.style.opacity,l.cssFloat=!!j.style.cssFloat,j.style.backgroundClip="content-box",j.cloneNode(!0).style.backgroundClip="",l.clearCloneStyle="content-box"===j.style.backgroundClip,i=d.createElement("div"),i.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",j.innerHTML="",i.appendChild(j),l.boxSizing=""===j.style.boxSizing||""===j.style.MozBoxSizing||""===j.style.WebkitBoxSizing,n.extend(l,{reliableHiddenOffsets:function(){return null==b&&k(),f},boxSizingReliable:function(){return null==b&&k(),e},pixelMarginRight:function(){return null==b&&k(),c},pixelPosition:function(){return null==b&&k(),b},reliableMarginRight:function(){return null==b&&k(),g},reliableMarginLeft:function(){return null==b&&k(),h}});function k(){var k,l,m=d.documentElement;m.appendChild(i),j.style.cssText="-webkit-box-sizing:border-box;box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",b=e=h=!1,c=g=!0,a.getComputedStyle&&(l=a.getComputedStyle(j),b="1%"!==(l||{}).top,h="2px"===(l||{}).marginLeft,e="4px"===(l||{width:"4px"}).width,j.style.marginRight="50%",c="4px"===(l||{marginRight:"4px"}).marginRight,k=j.appendChild(d.createElement("div")),k.style.cssText=j.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:0",k.style.marginRight=k.style.width="0",j.style.width="1px",g=!parseFloat((a.getComputedStyle(k)||{}).marginRight),j.removeChild(k)),j.style.display="none",f=0===j.getClientRects().length,f&&(j.style.display="",j.innerHTML="<table><tr><td></td><td>t</td></tr></table>",j.childNodes[0].style.borderCollapse="separate",k=j.getElementsByTagName("td"),k[0].style.cssText="margin:0;border:0;padding:0;display:none",f=0===k[0].offsetHeight,f&&(k[0].style.display="",k[1].style.display="none",f=0===k[0].offsetHeight)),m.removeChild(i)}}}();var Ra,Sa,Ta=/^(top|right|bottom|left)$/;a.getComputedStyle?(Ra=function(b){var c=b.ownerDocument.defaultView;return c&&c.opener||(c=a),c.getComputedStyle(b)},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c.getPropertyValue(b)||c[b]:void 0,""!==g&&void 0!==g||n.contains(a.ownerDocument,a)||(g=n.style(a,b)),c&&!l.pixelMarginRight()&&Oa.test(g)&&Na.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f),void 0===g?g:g+""}):Qa.currentStyle&&(Ra=function(a){return a.currentStyle},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c[b]:void 0,null==g&&h&&h[b]&&(g=h[b]),Oa.test(g)&&!Ta.test(b)&&(d=h.left,e=a.runtimeStyle,f=e&&e.left,f&&(e.left=a.currentStyle.left),h.left="fontSize"===b?"1em":g,g=h.pixelLeft+"px",h.left=d,f&&(e.left=f)),void 0===g?g:g+""||"auto"});function Ua(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}var Va=/alpha$[^)]*$/i,Wa=/opacity\s*=\s*([^)]*)/i,Xa=/^(none|table(?!-c[ea]).+)/,Ya=new RegExp("^("+T+")(.*)$","i"),Za={position:"absolute",visibility:"hidden",display:"block"},$a={letterSpacing:"0",fontWeight:"400"},_a=["Webkit","O","Moz","ms"],ab=d.createElement("div").style;function bb(a){if(a in ab)return a;var b=a.charAt(0).toUpperCase()+a.slice(1),c=_a.length;while(c--)if(a=_a[c]+b,a in ab)return a}function cb(a,b){for(var c,d,e,f=[],g=0,h=a.length;h>g;g++)d=a[g],d.style&&(f[g]=n._data(d,"olddisplay"),c=d.style.display,b?(f[g]||"none"!==c||(d.style.display=""),""===d.style.display&&W(d)&&(f[g]=n._data(d,"olddisplay",Ma(d.nodeName)))):(e=W(d),(c&&"none"!==c||!e)&&n._data(d,"olddisplay",e?c:n.css(d,"display"))));for(g=0;h>g;g++)d=a[g],d.style&&(b&&"none"!==d.style.display&&""!==d.style.display||(d.style.display=b?f[g]||"":"none"));return a}function db(a,b,c){var d=Ya.exec(b);return d?Math.max(0,d[1]-(c||0))+(d[2]||"px"):b}function eb(a,b,c,d,e){for(var f=c===(d?"border":"content")?4:"width"===b?1:0,g=0;4>f;f+=2)"margin"===c&&(g+=n.css(a,c+V[f],!0,e)),d?("content"===c&&(g-=n.css(a,"padding"+V[f],!0,e)),"margin"!==c&&(g-=n.css(a,"border"+V[f]+"Width",!0,e))):(g+=n.css(a,"padding"+V[f],!0,e),"padding"!==c&&(g+=n.css(a,"border"+V[f]+"Width",!0,e)));return g}function fb(a,b,c){var d=!0,e="width"===b?a.offsetWidth:a.offsetHeight,f=Ra(a),g=l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,f);if(0>=e||null==e){if(e=Sa(a,b,f),(0>e||null==e)&&(e=a.style[b]),Oa.test(e))return e;d=g&&(l.boxSizingReliable()||e===a.style[b]),e=parseFloat(e)||0}return e+eb(a,b,c||(g?"border":"content"),d,f)+"px"}n.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=Sa(a,"opacity");return""===c?"1":c}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":l.cssFloat?"cssFloat":"styleFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=n.camelCase(b),i=a.style;if(b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],void 0===c)return g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:i[b];if(f=typeof c,"string"===f&&(e=U.exec(c))&&e[1]&&(c=X(a,b,e),f="number"),null!=c&&c===c&&("number"===f&&(c+=e&&e[3]||(n.cssNumber[h]?"":"px")),l.clearCloneStyle||""!==c||0!==b.indexOf("background")||(i[b]="inherit"),!(g&&"set"in g&&void 0===(c=g.set(a,c,d)))))try{i[b]=c}catch(j){}}},css:function(a,b,c,d){var e,f,g,h=n.camelCase(b);return b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],g&&"get"in g&&(f=g.get(a,!0,c)),void 0===f&&(f=Sa(a,b,d)),"normal"===f&&b in $a&&(f=$a[b]),""===c||c?(e=parseFloat(f),c===!0||isFinite(e)?e||0:f):f}}),n.each(["height","width"],function(a,b){n.cssHooks[b]={get:function(a,c,d){return c?Xa.test(n.css(a,"display"))&&0===a.offsetWidth?Pa(a,Za,function(){return fb(a,b,d)}):fb(a,b,d):void 0},set:function(a,c,d){var e=d&&Ra(a);return db(a,c,d?eb(a,b,d,l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,e),e):0)}}}),l.opacity||(n.cssHooks.opacity={get:function(a,b){return Wa.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=n.isNumeric(b)?"alpha(opacity="+100*b+")":"",f=d&&d.filter||c.filter||"";c.zoom=1,(b>=1||""===b)&&""===n.trim(f.replace(Va,""))&&c.removeAttribute&&(c.removeAttribute("filter"),""===b||d&&!d.filter)||(c.filter=Va.test(f)?f.replace(Va,e):f+" "+e)}}),n.cssHooks.marginRight=Ua(l.reliableMarginRight,function(a,b){return b?Pa(a,{display:"inline-block"},Sa,[a,"marginRight"]):void 0}),n.cssHooks.marginLeft=Ua(l.reliableMarginLeft,function(a,b){return b?(parseFloat(Sa(a,"marginLeft"))||(n.contains(a.ownerDocument,a)?a.getBoundingClientRect().left-Pa(a,{
>marginLeft:0},function(){return a.getBoundingClientRect().left}):0))+"px":void 0}),n.each({margin:"",padding:"",border:"Width"},function(a,b){n.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];4>d;d++)e[a+V[d]+b]=f[d]||f[d-2]||f[0];return e}},Na.test(a)||(n.cssHooks[a+b].set=db)}),n.fn.extend({css:function(a,b){return Y(this,function(a,b,c){var d,e,f={},g=0;if(n.isArray(b)){for(d=Ra(a),e=b.length;e>g;g++)f[b[g]]=n.css(a,b[g],!1,d);return f}return void 0!==c?n.style(a,b,c):n.css(a,b)},a,b,arguments.length>1)},show:function(){return cb(this,!0)},hide:function(){return cb(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){W(this)?n(this).show():n(this).hide()})}});function gb(a,b,c,d,e){return new gb.prototype.init(a,b,c,d,e)}n.Tween=gb,gb.prototype={constructor:gb,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||n.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(n.cssNumber[c]?"":"px")},cur:function(){var a=gb.propHooks[this.prop];return a&&a.get?a.get(this):gb.propHooks._default.get(this)},run:function(a){var b,c=gb.propHooks[this.prop];return this.options.duration?this.pos=b=n.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):gb.propHooks._default.set(this),this}},gb.prototype.init.prototype=gb.prototype,gb.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=n.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){n.fx.step[a.prop]?n.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[n.cssProps[a.prop]]&&!n.cssHooks[a.prop]?a.elem[a.prop]=a.now:n.style(a.elem,a.prop,a.now+a.unit)}}},gb.propHooks.scrollTop=gb.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},n.fx=gb.prototype.init,n.fx.step={};var hb,ib,jb=/^(?:toggle|show|hide)$/,kb=/queueHooks$/;function lb(){return a.setTimeout(function(){hb=void 0}),hb=n.now()}function mb(a,b){var c,d={height:a},e=0;for(b=b?1:0;4>e;e+=2-b)c=V[e],d["margin"+c]=d["padding"+c]=a;return b&&(d.opacity=d.width=a),d}function nb(a,b,c){for(var d,e=(qb.tweeners[b]||[]).concat(qb.tweeners["*"]),f=0,g=e.length;g>f;f++)if(d=e[f].call(c,b,a))return d}function ob(a,b,c){var d,e,f,g,h,i,j,k,m=this,o={},p=a.style,q=a.nodeType&&W(a),r=n._data(a,"fxshow");c.queue||(h=n._queueHooks(a,"fx"),null==h.unqueued&&(h.unqueued=0,i=h.empty.fire,h.empty.fire=function(){h.unqueued||i()}),h.unqueued++,m.always(function(){m.always(function(){h.unqueued--,n.queue(a,"fx").length||h.empty.fire()})})),1===a.nodeType&&("height"in b||"width"in b)&&(c.overflow=[p.overflow,p.overflowX,p.overflowY],j=n.css(a,"display"),k="none"===j?n._data(a,"olddisplay")||Ma(a.nodeName):j,"inline"===k&&"none"===n.css(a,"float")&&(l.inlineBlockNeedsLayout&&"inline"!==Ma(a.nodeName)?p.zoom=1:p.display="inline-block")),c.overflow&&(p.overflow="hidden",l.shrinkWrapBlocks()||m.always(function(){p.overflow=c.overflow[0],p.overflowX=c.overflow[1],p.overflowY=c.overflow[2]}));for(d in b)if(e=b[d],jb.exec(e)){if(delete b[d],f=f||"toggle"===e,e===(q?"hide":"show")){if("show"!==e||!r||void 0===r[d])continue;q=!0}o[d]=r&&r[d]||n.style(a,d)}else j=void 0;if(n.isEmptyObject(o))"inline"===("none"===j?Ma(a.nodeName):j)&&(p.display=j);else{r?"hidden"in r&&(q=r.hidden):r=n._data(a,"fxshow",{}),f&&(r.hidden=!q),q?n(a).show():m.done(function(){n(a).hide()}),m.done(function(){var b;n._removeData(a,"fxshow");for(b in o)n.style(a,b,o[b])});for(d in o)g=nb(q?r[d]:0,d,m),d in r||(r[d]=g.start,q&&(g.end=g.start,g.start="width"===d||"height"===d?1:0))}}function pb(a,b){var c,d,e,f,g;for(c in a)if(d=n.camelCase(c),e=b[d],f=a[c],n.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=n.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function qb(a,b,c){var d,e,f=0,g=qb.prefilters.length,h=n.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=hb||lb(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;i>g;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),1>f&&i?c:(h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:n.extend({},b),opts:n.extend(!0,{specialEasing:{},easing:n.easing._default},c),originalProperties:b,originalOptions:c,startTime:hb||lb(),duration:c.duration,tweens:[],createTween:function(b,c){var d=n.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;d>c;c++)j.tweens[c].run(1);return b?(h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j,b])):h.rejectWith(a,[j,b]),this}}),k=j.props;for(pb(k,j.opts.specialEasing);g>f;f++)if(d=qb.prefilters[f].call(j,a,k,j.opts))return n.isFunction(d.stop)&&(n._queueHooks(j.elem,j.opts.queue).stop=n.proxy(d.stop,d)),d;return n.map(k,nb,j),n.isFunction(j.opts.start)&&j.opts.start.call(a,j),n.fx.timer(n.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always)}n.Animation=n.extend(qb,{tweeners:{"*":[function(a,b){var c=this.createTween(a,b);return X(c.elem,a,U.exec(b),c),c}]},tweener:function(a,b){n.isFunction(a)?(b=a,a=["*"]):a=a.match(G);for(var c,d=0,e=a.length;e>d;d++)c=a[d],qb.tweeners[c]=qb.tweeners[c]||[],qb.tweeners[c].unshift(b)},prefilters:[ob],prefilter:function(a,b){b?qb.prefilters.unshift(a):qb.prefilters.push(a)}}),n.speed=function(a,b,c){var d=a&&"object"==typeof a?n.extend({},a):{complete:c||!c&&b||n.isFunction(a)&&a,duration:a,easing:c&&b||b&&!n.isFunction(b)&&b};return d.duration=n.fx.off?0:"number"==typeof d.duration?d.duration:d.duration in n.fx.speeds?n.fx.speeds[d.duration]:n.fx.speeds._default,null!=d.queue&&d.queue!==!0||(d.queue="fx"),d.old=d.complete,d.complete=function(){n.isFunction(d.old)&&d.old.call(this),d.queue&&n.dequeue(this,d.queue)},d},n.fn.extend({fadeTo:function(a,b,c,d){return this.filter(W).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=n.isEmptyObject(a),f=n.speed(b,c,d),g=function(){var b=qb(this,n.extend({},a),f);(e||n._data(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=n.timers,g=n._data(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&kb.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));!b&&c||n.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=n._data(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=n.timers,g=d?d.length:0;for(c.finish=!0,n.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;g>b;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),n.each(["toggle","show","hide"],function(a,b){var c=n.fn[b];n.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(mb(b,!0),a,d,e)}}),n.each({slideDown:mb("show"),slideUp:mb("hide"),slideToggle:mb("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){n.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),n.timers=[],n.fx.tick=function(){var a,b=n.timers,c=0;for(hb=n.now();c<b.length;c++)a=b[c],a()||b[c]!==a||b.splice(c--,1);b.length||n.fx.stop(),hb=void 0},n.fx.timer=function(a){n.timers.push(a),a()?n.fx.start():n.timers.pop()},n.fx.interval=13,n.fx.start=function(){ib||(ib=a.setInterval(n.fx.tick,n.fx.interval))},n.fx.stop=function(){a.clearInterval(ib),ib=null},n.fx.speeds={slow:600,fast:200,_default:400},n.fn.delay=function(b,c){return b=n.fx?n.fx.speeds[b]||b:b,c=c||"fx",this.queue(c,function(c,d){var e=a.setTimeout(c,b);d.stop=function(){a.clearTimeout(e)}})},function(){var a,b=d.createElement("input"),c=d.createElement("div"),e=d.createElement("select"),f=e.appendChild(d.createElement("option"));c=d.createElement("div"),c.setAttribute("className","t"),c.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",a=c.getElementsByTagName("a")[0],b.setAttribute("type","checkbox"),c.appendChild(b),a=c.getElementsByTagName("a")[0],a.style.cssText="top:1px",l.getSetAttribute="t"!==c.className,l.style=/top/.test(a.getAttribute("style")),l.hrefNormalized="/a"===a.getAttribute("href"),l.checkOn=!!b.value,l.optSelected=f.selected,l.enctype=!!d.createElement("form").enctype,e.disabled=!0,l.optDisabled=!f.disabled,b=d.createElement("input"),b.setAttribute("value",""),l.input=""===b.getAttribute("value"),b.value="t",b.setAttribute("type","radio"),l.radioValue="t"===b.value}();var rb=/\r/g,sb=/[\x20\t\r\n\f]+/g;n.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=n.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,n(this).val()):a,null==e?e="":"number"==typeof e?e+="":n.isArray(e)&&(e=n.map(e,function(a){return null==a?"":a+""})),b=n.valHooks[this.type]||n.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=n.valHooks[e.type]||n.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(rb,""):null==c?"":c)}}}),n.extend({valHooks:{option:{get:function(a){var b=n.find.attr(a,"value");return null!=b?b:n.trim(n.text(a)).replace(sb," ")}},select:{get:function(a){for(var b,c,d=a.options,e=a.selectedIndex,f="select-one"===a.type||0>e,g=f?null:[],h=f?e+1:d.length,i=0>e?h:f?e:0;h>i;i++)if(c=d[i],(c.selected||i===e)&&(l.optDisabled?!c.disabled:null===c.getAttribute("disabled"))&&(!c.parentNode.disabled||!n.nodeName(c.parentNode,"optgroup"))){if(b=n(c).val(),f)return b;g.push(b)}return g},set:function(a,b){var c,d,e=a.options,f=n.makeArray(b),g=e.length;while(g--)if(d=e[g],n.inArray(n.valHooks.option.get(d),f)>-1)try{d.selected=c=!0}catch(h){d.scrollHeight}else d.selected=!1;return c||(a.selectedIndex=-1),e}}}}),n.each(["radio","checkbox"],function(){n.valHooks[this]={set:function(a,b){return n.isArray(b)?a.checked=n.inArray(n(a).val(),b)>-1:void 0}},l.checkOn||(n.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var tb,ub,vb=n.expr.attrHandle,wb=/^(?:checked|selected)$/i,xb=l.getSetAttribute,yb=l.input;n.fn.extend({attr:function(a,b){return Y(this,n.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){n.removeAttr(this,a)})}}),n.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?n.prop(a,b,c):(1===f&&n.isXMLDoc(a)||(b=b.toLowerCase(),e=n.attrHooks[b]||(n.expr.match.bool.test(b)?ub:tb)),void 0!==c?null===c?void n.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=n.find.attr(a,b),null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!l.radioValue&&"radio"===b&&n.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d,e=0,f=b&&b.match(G);if(f&&1===a.nodeType)while(c=f[e++])d=n.propFix[c]||c,n.expr.match.bool.test(c)?yb&&xb||!wb.test(c)?a[d]=!1:a[n.camelCase("default-"+c)]=a[d]=!1:n.attr(a,c,""),a.removeAttribute(xb?c:d)}}),ub={set:function(a,b,c){return b===!1?n.removeAttr(a,c):yb&&xb||!wb.test(c)?a.setAttribute(!xb&&n.propFix[c]||c,c):a[n.camelCase("default-"+c)]=a[c]=!0,c}},n.each(n.expr.match.bool.source.match(/\w+/g),function(a,b){var c=vb[b]||n.find.attr;yb&&xb||!wb.test(b)?vb[b]=function(a,b,d){var e,f;return d||(f=vb[b],vb[b]=e,e=null!=c(a,b,d)?b.toLowerCase():null,vb[b]=f),e}:vb[b]=function(a,b,c){return c?void 0:a[n.camelCase("default-"+b)]?b.toLowerCase():null}}),yb&&xb||(n.attrHooks.value={set:function(a,b,c){return n.nodeName(a,"input")?void(a.defaultValue=b):tb&&tb.set(a,b,c)}}),xb||(tb={set:function(a,b,c){var d=a.getAttributeNode(c);return d||a.setAttributeNode(d=a.ownerDocument.createAttribute(c)),d.value=b+="","value"===c||b===a.getAttribute(c)?b:void 0}},vb.id=vb.name=vb.coords=function(a,b,c){var d;return c?void 0:(d=a.getAttributeNode(b))&&""!==d.value?d.value:null},n.valHooks.button={get:function(a,b){var c=a.getAttributeNode(b);return c&&c.specified?c.value:void 0},set:tb.set},n.attrHooks.contenteditable={set:function(a,b,c){tb.set(a,""===b?!1:b,c)}},n.each(["width","height"],function(a,b){n.attrHooks[b]={set:function(a,c){return""===c?(a.setAttribute(b,"auto"),c):void 0}}})),l.style||(n.attrHooks.style={get:function(a){return a.style.cssText||void 0},set:function(a,b){return a.style.cssText=b+""}});var zb=/^(?:input|select|textarea|button|object)$/i,Ab=/^(?:a|area)$/i;n.fn.extend({prop:function(a,b){return Y(this,n.prop,a,b,arguments.length>1)},removeProp:function(a){return a=n.propFix[a]||a,this.each(function(){try{this[a]=void 0,delete this[a]}catch(b){}})}}),n.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&n.isXMLDoc(a)||(b=n.propFix[b]||b,e=n.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=n.find.attr(a,"tabindex");return b?parseInt(b,10):zb.test(a.nodeName)||Ab.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),l.hrefNormalized||n.each(["href","src"],function(a,b){n.propHooks[b]={get:function(a){return a.getAttribute(b,4)}}}),l.optSelected||(n.propHooks.selected={get:function(a){var b=a.parentNode;return b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex),null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),n.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){n.propFix[this.toLowerCase()]=this}),l.enctype||(n.propFix.enctype="encoding");var Bb=/[\t\r\n\f]/g;function Cb(a){return n.attr(a,"class")||""}n.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).addClass(a.call(this,b,Cb(this)))});if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,Cb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):n.isFunction(a)?this.each(function(c){n(this).toggleClass(a.call(this,c,Cb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=n(this),f=a.match(G)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=Cb(this),b&&n._data(this,"__className__",b),n.attr(this,"class",b||a===!1?"":n._data(this,"__className__")||""))})},hasClass:function(a){var b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+Cb(c)+" ").replace(Bb," ").indexOf(b)>-1)return!0;return!1}}),n.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){n.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),n.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var Db=a.location,Eb=n.now(),Fb=/\?/,Gb=/(,)|(\[|{)|(}|])|"(?:[^"\\\r\n]|\\["\\\/bfnrt]|\\u[\da-fA-F]{4})*"\s*:?|true|false|null|-?(?!0\d)\d+(?:\.\d+|)(?:[eE][+-]?\d+|)/g;n.parseJSON=function(b){if(a.JSON&&a.JSON.parse)return a.JSON.parse(b+"");var c,d=null,e=n.trim(b+"");return e&&!n.trim(e.replace(Gb,function(a,b,e,f){return c&&b&&(d=0),0===d?a:(c=e||b,d+=!f-!e,"")}))?Function("return "+e)():n.error("Invalid JSON: "+b)},n.parseXML=function(b){var c,d;if(!b||"string"!=typeof b)return null;try{a.DOMParser?(d=new a.DOMParser,c=d.parseFromString(b,"text/xml")):(c=new a.ActiveXObject("Microsoft.XMLDOM"),c.async="false",c.loadXML(b))}catch(e){c=void 0}return c&&c.documentElement&&!c.getElementsByTagName("parsererror").length||n.error("Invalid XML: "+b),c};var Hb=/#.*$/,Ib=/([?&])_=[^&]*/,Jb=/^(.*?):[ \t]*([^\r\n]*)\r?$/gm,Kb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Lb=/^(?:GET|HEAD)$/,Mb=/^\/\//,Nb=/^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/,Ob={},Pb={},Qb="*/".concat("*"),Rb=Db.href,Sb=Nb.exec(Rb.toLowerCase())||[];function Tb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(G)||[];if(n.isFunction(c))while(d=f[e++])"+"===d.charAt(0)?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Ub(a,b,c,d){var e={},f=a===Pb;function g(h){var i;return e[h]=!0,n.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function Vb(a,b){var c,d,e=n.ajaxSettings.flatOptions||{};for(d in b)void 0!==b[d]&&((e[d]?a:c||(c={}))[d]=b[d]);return c&&n.extend(!0,a,c),a}function Wb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType||b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]||a.converters[g+" "+i[0]]){f=g;break}d||(d=g)}f=f||d}return f?(f!==i[0]&&i.unshift(f),c[f]):void 0}function Xb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}n.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Rb,type:"GET",isLocal:Kb.test(Sb[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Qb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":n.parseJSON,"text xml":n.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Vb(Vb(a,n.ajaxSettings),b):Vb(n.ajaxSettings,a)},ajaxPrefilter:Tb(Ob),ajaxTransport:Tb(Pb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var d,e,f,g,h,i,j,k,l=n.ajaxSetup({},c),m=l.context||l,o=l.context&&(m.nodeType||m.jquery)?n(m):n.event,p=n.Deferred(),q=n.Callbacks("once memory"),r=l.statusCode||{},s={},t={},u=0,v="canceled",w={readyState:0,getResponseHeader:function(a){var b;if(2===u){if(!k){k={};while(b=Jb.exec(g))k[b[1].toLowerCase()]=b[2]}b=k[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return 2===u?g:null},setRequestHeader:function(a,b){var c=a.toLowerCase();return u||(a=t[c]=t[c]||a,s[a]=b),this},overrideMimeType:function(a){return u||(l.mimeType=a),this},statusCode:function(a){var b;if(a)if(2>u)for(b in a)r[b]=[r[b],a[b]];else w.always(a[w.status]);return this},abort:function(a){var b=a||v;return j&&j.abort(b),y(0,b),this}};if(p.promise(w).complete=q.add,w.success=w.done,w.error=w.fail,l.url=((b||l.url||Rb)+"").replace(Hb,"").replace(Mb,Sb[1]+"//"),l.type=c.method||c.type||l.method||l.type,l.dataTypes=n.trim(l.dataType||"*").toLowerCase().match(G)||[""],null==l.crossDomain&&(d=Nb.exec(l.url.toLowerCase()),l.crossDomain=!(!d||d[1]===Sb[1]&&d[2]===Sb[2]&&(d[3]||("http:"===d[1]?"80":"443"))===(Sb[3]||("http:"===Sb[1]?"80":"443")))),l.data&&l.processData&&"string"!=typeof l.data&&(l.data=n.param(l.data,l.traditional)),Ub(Ob,l,c,w),2===u)return w;i=n.event&&l.global,i&&0===n.active++&&n.event.trigger("ajaxStart"),l.type=l.type.toUpperCase(),l.hasContent=!Lb.test(l.type),f=l.url,l.hasContent||(l.data&&(f=l.url+=(Fb.test(f)?"&":"?")+l.data,delete l.data),l.cache===!1&&(l.url=Ib.test(f)?f.replace(Ib,"$1_="+Eb++):f+(Fb.test(f)?"&":"?")+"_="+Eb++)),l.ifModified&&(n.lastModified[f]&&w.setRequestHeader("If-Modified-Since",n.lastModified[f]),n.etag[f]&&w.setRequestHeader("If-None-Match",n.etag[f])),(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&w.setRequestHeader("Content-Type",l.contentType),w.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+("*"!==l.dataTypes[0]?", "+Qb+"; q=0.01":""):l.accepts["*"]);for(e in l.headers)w.setRequestHeader(e,l.headers[e]);if(l.beforeSend&&(l.beforeSend.call(m,w,l)===!1||2===u))return w.abort();v="abort";for(e in{success:1,error:1,complete:1})w[e](l[e]);if(j=Ub(Pb,l,c,w)){if(w.readyState=1,i&&o.trigger("ajaxSend",[w,l]),2===u)return w;l.async&&l.timeout>0&&(h=a.setTimeout(function(){w.abort("timeout")},l.timeout));try{u=1,j.send(s,y)}catch(x){if(!(2>u))throw x;y(-1,x)}}else y(-1,"No Transport");function y(b,c,d,e){var k,s,t,v,x,y=c;2!==u&&(u=2,h&&a.clearTimeout(h),j=void 0,g=e||"",w.readyState=b>0?4:0,k=b>=200&&300>b||304===b,d&&(v=Wb(l,w,d)),v=Xb(l,v,w,k),k?(l.ifModified&&(x=w.getResponseHeader("Last-Modified"),x&&(n.lastModified[f]=x),x=w.getResponseHeader("etag"),x&&(n.etag[f]=x)),204===b||"HEAD"===l.type?y="nocontent":304===b?y="notmodified":(y=v.state,s=v.data,t=v.error,k=!t)):(t=y,!b&&y||(y="error",0>b&&(b=0))),w.status=b,w.statusText=(c||y)+"",k?p.resolveWith(m,[s,y,w]):p.rejectWith(m,[w,y,t]),w.statusCode(r),r=void 0,i&&o.trigger(k?"ajaxSuccess":"ajaxError",[w,l,k?s:t]),q.fireWith(m,[w,y]),i&&(o.trigger("ajaxComplete",[w,l]),--n.active||n.event.trigger("ajaxStop")))}return w},getJSON:function(a,b,c){return n.get(a,b,c,"json")},getScript:function(a,b){return n.get(a,void 0,b,"script")}}),n.each(["get","post"],function(a,b){n[b]=function(a,c,d,e){return n.isFunction(c)&&(e=e||d,d=c,c=void 0),n.ajax(n.extend({url:a,type:b,dataType:e,data:c,success:d},n.isPlainObject(a)&&a))}}),n._evalUrl=function(a){return n.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},n.fn.extend({wrapAll:function(a){if(n.isFunction(a))return this.each(function(b){n(this).wrapAll(a.call(this,b))});if(this[0]){var b=n(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&1===a.firstChild.nodeType)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return n.isFunction(a)?this.each(function(b){n(this).wrapInner(a.call(this,b))}):this.each(function(){var b=n(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=n.isFunction(a);return this.each(function(c){n(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){n.nodeName(this,"body")||n(this).replaceWith(this.childNodes)}).end()}});function Yb(a){return a.style&&a.style.display||n.css(a,"display")}function Zb(a){if(!n.contains(a.ownerDocument||d,a))return!0;while(a&&1===a.nodeType){if("none"===Yb(a)||"hidden"===a.type)return!0;a=a.parentNode}return!1}n.expr.filters.hidden=function(a){return l.reliableHiddenOffsets()?a.offsetWidth<=0&&a.offsetHeight<=0&&!a.getClientRects().length:Zb(a)},n.expr.filters.visible=function(a){return!n.expr.filters.hidden(a)};var $b=/%20/g,_b=/\[\]$/,ac=/\r?\n/g,bc=/^(?:submit|button|image|reset|file)$/i,cc=/^(?:input|select|textarea|keygen)/i;function dc(a,b,c,d){var e;if(n.isArray(b))n.each(b,function(b,e){c||_b.test(a)?d(a,e):dc(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==n.type(b))d(a,b);else for(e in b)dc(a+"["+e+"]",b[e],c,d)}n.param=function(a,b){var c,d=[],e=function(a,b){b=n.isFunction(b)?b():null==b?"":b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};if(void 0===b&&(b=n.ajaxSettings&&n.ajaxSettings.traditional),n.isArray(a)||a.jquery&&!n.isPlainObject(a))n.each(a,function(){e(this.name,this.value)});else for(c in a)dc(c,a[c],b,e);return d.join("&").replace($b,"+")},n.fn.extend({serialize:function(){return n.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=n.prop(this,"elements");return a?n.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!n(this).is(":disabled")&&cc.test(this.nodeName)&&!bc.test(a)&&(this.checked||!Z.test(a))}).map(function(a,b){var c=n(this).val();return null==c?null:n.isArray(c)?n.map(c,function(a){return{name:b.name,value:a.replace(ac,"\r\n")}}):{name:b.name,value:c.replace(ac,"\r\n")}}).get()}}),n.ajaxSettings.xhr=void 0!==a.ActiveXObject?function(){return this.isLocal?ic():d.documentMode>8?hc():/^(get|post|head|put|delete|options)$/i.test(this.type)&&hc()||ic()}:hc;var ec=0,fc={},gc=n.ajaxSettings.xhr();a.attachEvent&&a.attachEvent("onunload",function(){for(var a in fc)fc[a](void 0,!0)}),l.cors=!!gc&&"withCredentials"in gc,gc=l.ajax=!!gc,gc&&n.ajaxTransport(function(b){if(!b.crossDomain||l.cors){var c;return{send:function(d,e){var f,g=b.xhr(),h=++ec;if(g.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(f in b.xhrFields)g[f]=b.xhrFields[f];b.mimeType&&g.overrideMimeType&&g.overrideMimeType(b.mimeType),b.crossDomain||d["X-Requested-With"]||(d["X-Requested-With"]="XMLHttpRequest");for(f in d)void 0!==d[f]&&g.setRequestHeader(f,d[f]+"");g.send(b.hasContent&&b.data||null),c=function(a,d){var f,i,j;if(c&&(d||4===g.readyState))if(delete fc[h],c=void 0,g.onreadystatechange=n.noop,d)4!==g.readyState&&g.abort();else{j={},f=g.status,"string"==typeof g.responseText&&(j.text=g.responseText);try{i=g.statusText}catch(k){i=""}f||!b.isLocal||b.crossDomain?1223===f&&(f=204):f=j.text?200:404}j&&e(f,i,j,g.getAllResponseHeaders())},b.async?4===g.readyState?a.setTimeout(c):g.onreadystatechange=fc[h]=c:c()},abort:function(){c&&c(void 0,!0)}}}});function hc(){try{return new a.XMLHttpRequest}catch(b){}}function ic(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}n.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return n.globalEval(a),a}}}),n.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),n.ajaxTransport("script",function(a){if(a.crossDomain){var b,c=d.head||n("head")[0]||d.documentElement;return{send:function(e,f){b=d.createElement("script"),b.async=!0,a.scriptCharset&&(b.charset=a.scriptCharset),b.src=a.url,b.onload=b.onreadystatechange=function(a,c){(c||!b.readyState||/loaded|complete/.test(b.readyState))&&(b.onload=b.onreadystatechange=null,b.parentNode&&b.parentNode.removeChild(b),b=null,c||f(200,"success"))},c.insertBefore(b,c.firstChild)},abort:function(){b&&b.onload(void 0,!0)}}}});var jc=[],kc=/(=)\?(?=&|$)|\?\?/;n.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=jc.pop()||n.expando+"_"+Eb++;return this[a]=!0,a}}),n.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(kc.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&kc.test(b.data)&&"data");return h||"jsonp"===b.dataTypes[0]?(e=b.jsonpCallback=n.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(kc,"$1"+e):b.jsonp!==!1&&(b.url+=(Fb.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||n.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){void 0===f?n(a).removeProp(e):a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,jc.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a||"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b||d;var e=x.exec(a),f=!c&&[];return e?[b.createElement(e[1])]:(e=ja([a],b,f),f&&f.length&&n(f).remove(),n.merge([],e.childNodes))};var lc=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&lc)return lc.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h,a.length)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&n.ajax({url:a,type:e||"GET",dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?n("<div>").append(n.parseHTML(a)).find(d):a)}).always(c&&function(a,b){g.each(function(){c.apply(this,f||[a.responseText,b,a])})}),this},n.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){n.fn[b]=function(a){return this.on(b,a)}}),n.expr.filters.animated=function(a){return n.grep(n.timers,function(b){return a===b.elem}).length};function mc(a){return n.isWindow(a)?a:9===a.nodeType?a.defaultView||a.parentWindow:!1}n.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=n.css(a,"position"),l=n(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=n.css(a,"top"),i=n.css(a,"left"),j=("absolute"===k||"fixed"===k)&&n.inArray("auto",[f,i])>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),n.isFunction(b)&&(b=b.call(a,c,n.extend({},h))),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},n.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){n.offset.setOffset(this,a,b)});var b,c,d={top:0,left:0},e=this[0],f=e&&e.ownerDocument;if(f)return b=f.documentElement,n.contains(b,e)?("undefined"!=typeof e.getBoundingClientRect&&(d=e.getBoundingClientRect()),c=mc(f),{top:d.top+(c.pageYOffset||b.scrollTop)-(b.clientTop||0),left:d.left+(c.pageXOffset||b.scrollLeft)-(b.clientLeft||0)}):d},position:function(){if(this[0]){var a,b,c={top:0,left:0},d=this[0];return"fixed"===n.css(d,"position")?b=d.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),n.nodeName(a[0],"html")||(c=a.offset()),c.top+=n.css(a[0],"borderTopWidth",!0),c.left+=n.css(a[0],"borderLeftWidth",!0)),{top:b.top-c.top-n.css(d,"marginTop",!0),left:b.left-c.left-n.css(d,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent;while(a&&!n.nodeName(a,"html")&&"static"===n.css(a,"position"))a=a.offsetParent;return a||Qa})}}),n.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,b){var c=/Y/.test(b);n.fn[a]=function(d){return Y(this,function(a,d,e){var f=mc(a);return void 0===e?f?b in f?f[b]:f.document.documentElement[d]:a[d]:void(f?f.scrollTo(c?n(f).scrollLeft():e,c?e:n(f).scrollTop()):a[d]=e)},a,d,arguments.length,null)}}),n.each(["top","left"],function(a,b){n.cssHooks[b]=Ua(l.pixelPosition,function(a,c){return c?(c=Sa(a,b),Oa.test(c)?n(a).position()[b]+"px":c):void 0})}),n.each({Height:"height",Width:"width"},function(a,b){n.each({
>padding:"inner"+a,content:b,"":"outer"+a},function(c,d){n.fn[d]=function(d,e){var f=arguments.length&&(c||"boolean"!=typeof d),g=c||(d===!0||e===!0?"margin":"border");return Y(this,function(b,c,d){var e;return n.isWindow(b)?b.document.documentElement["client"+a]:9===b.nodeType?(e=b.documentElement,Math.max(b.body["scroll"+a],e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.extend({bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var nc=a.jQuery,oc=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=oc),b&&a.jQuery===n&&(a.jQuery=nc),n},b||(a.jQuery=a.$=n),n});
>(function(c){var b,d,a;b=(function(){function e(h,f,g){var j;this.row=h;this.tree=f;this.settings=g;this.id=this.row.data(this.settings.nodeIdAttr);j=this.row.data(this.settings.parentIdAttr);if(j!=null&&j!==""){this.parentId=j}this.treeCell=c(this.row.children(this.settings.columnElType)[this.settings.column]);this.expander=c(this.settings.expanderTemplate);this.indenter=c(this.settings.indenterTemplate);this.children=[];this.initialized=false;this.treeCell.prepend(this.indenter)}e.prototype.addChild=function(f){return this.children.push(f)};e.prototype.ancestors=function(){var f,g;g=this;f=[];while(g=g.parentNode()){f.push(g)}return f};e.prototype.collapse=function(){if(this.collapsed()){return this}this.row.removeClass("expanded").addClass("collapsed");this._hideChildren();this.expander.attr("title",this.settings.stringExpand);if(this.initialized&&this.settings.onNodeCollapse!=null){this.settings.onNodeCollapse.apply(this)}return this};e.prototype.collapsed=function(){return this.row.hasClass("collapsed")};e.prototype.expand=function(){if(this.expanded()){return this}this.row.removeClass("collapsed").addClass("expanded");if(this.initialized&&this.settings.onNodeExpand!=null){this.settings.onNodeExpand.apply(this)}if(c(this.row).is(":visible")){this._showChildren()}this.expander.attr("title",this.settings.stringCollapse);return this};e.prototype.expanded=function(){return this.row.hasClass("expanded")};e.prototype.hide=function(){this._hideChildren();this.row.hide();return this};e.prototype.isBranchNode=function(){if(this.children.length>0||this.row.data(this.settings.branchAttr)===true){return true}else{return false}};e.prototype.updateBranchLeafClass=function(){this.row.removeClass("branch");this.row.removeClass("leaf");this.row.addClass(this.isBranchNode()?"branch":"leaf")};e.prototype.level=function(){return this.ancestors().length};e.prototype.parentNode=function(){if(this.parentId!=null){return this.tree[this.parentId]}else{return null}};e.prototype.removeChild=function(g){var f=c.inArray(g,this.children);return this.children.splice(f,1)};e.prototype.render=function(){var g,f=this.settings,h;if(f.expandable===true&&this.isBranchNode()){g=function(j){c(this).parents("table").treetable("node",c(this).parents("tr").data(f.nodeIdAttr)).toggle();return j.preventDefault()};this.indenter.html(this.expander);h=f.clickableNodeNames===true?this.treeCell:this.expander;h.off("click.treetable").on("click.treetable",g);h.off("keydown.treetable").on("keydown.treetable",function(j){if(j.keyCode==13){g.apply(this,[j])}})}this.indenter[0].style.paddingLeft=""+(this.level()*f.indent)+"px";return this};e.prototype.reveal=function(){if(this.parentId!=null){this.parentNode().reveal()}return this.expand()};e.prototype.setParent=function(f){if(this.parentId!=null){this.tree[this.parentId].removeChild(this)}this.parentId=f.id;this.row.data(this.settings.parentIdAttr,f.id);return f.addChild(this)};e.prototype.show=function(){if(!this.initialized){this._initialize()}this.row.show();if(this.expanded()){this._showChildren()}return this};e.prototype.toggle=function(){if(this.expanded()){this.collapse()}else{this.expand()}return this};e.prototype._hideChildren=function(){var k,j,g,h,f;h=this.children;f=[];for(j=0,g=h.length;j<g;j++){k=h[j];f.push(k.hide())}return f};e.prototype._initialize=function(){var f=this.settings;this.render();if(f.expandable===true&&f.initialState==="collapsed"){this.collapse()}else{this.expand()}if(f.onNodeInitialized!=null){f.onNodeInitialized.apply(this)}return this.initialized=true};e.prototype._showChildren=function(){var k,j,g,h,f;h=this.children;f=[];for(j=0,g=h.length;j<g;j++){k=h[j];f.push(k.show())}return f};return e})();d=(function(){function e(g,f){this.table=g;this.settings=f;this.tree={};this.nodes=[];this.roots=[]}e.prototype.collapseAll=function(){var h,k,g,j,f;j=this.nodes;f=[];for(k=0,g=j.length;k<g;k++){h=j[k];f.push(h.collapse())}return f};e.prototype.expandAll=function(){var h,k,g,j,f;j=this.nodes;f=[];for(k=0,g=j.length;k<g;k++){h=j[k];f.push(h.expand())}return f};e.prototype.findLastNode=function(f){if(f.children.length>0){return this.findLastNode(f.children[f.children.length-1])}else{return f}};e.prototype.loadRows=function(h){var g,j,f;if(h!=null){for(f=0;f<h.length;f++){j=c(h[f]);if(j.data(this.settings.nodeIdAttr)!=null){g=new b(j,this.tree,this.settings);this.nodes.push(g);this.tree[g.id]=g;if(g.parentId!=null&&this.tree[g.parentId]){this.tree[g.parentId].addChild(g)}else{this.roots.push(g)}}}}for(f=0;f<this.nodes.length;f++){g=this.nodes[f].updateBranchLeafClass()}return this};e.prototype.move=function(h,f){var g=h.parentNode();if(h!==f&&f.id!==h.parentId&&c.inArray(h,f.ancestors())===-1){h.setParent(f);this._moveRows(h,f);if(h.parentNode().children.length===1){h.parentNode().render()}}if(g){g.updateBranchLeafClass()}if(h.parentNode()){h.parentNode().updateBranchLeafClass()}h.updateBranchLeafClass();return this};e.prototype.removeNode=function(f){this.unloadBranch(f);f.row.remove();if(f.parentId!=null){f.parentNode().removeChild(f)}delete this.tree[f.id];this.nodes.splice(c.inArray(f,this.nodes),1);return this};e.prototype.render=function(){var g,j,f,h;h=this.roots;for(j=0,f=h.length;j<f;j++){g=h[j];g.show()}return this};e.prototype.sortBranch=function(g,f){g.children.sort(f);this._sortChildRows(g);return this};e.prototype.unloadBranch=function(h){var g=h.children.slice(0),f;for(f=0;f<g.length;f++){this.removeNode(g[f])}h.children=[];h.updateBranchLeafClass();return this};e.prototype._moveRows=function(j,f){var h=j.children,g;j.row.insertAfter(f.row);j.render();for(g=h.length-1;g>=0;g--){this._moveRows(h[g],j)}};e.prototype._sortChildRows=function(f){return this._moveRows(f,f)};return e})();a={init:function(e,g){var f;f=c.extend({branchAttr:"ttBranch",clickableNodeNames:false,column:0,columnElType:"td",expandable:false,expanderTemplate:"<a href='#'>&nbsp;</a>",indent:19,indenterTemplate:"<span class='indenter'></span>",initialState:"collapsed",nodeIdAttr:"ttId",parentIdAttr:"ttParentId",stringExpand:"Expand",stringCollapse:"Collapse",onInitialized:null,onNodeCollapse:null,onNodeExpand:null,onNodeInitialized:null},e);return this.each(function(){var j=c(this),h;if(g||j.data("treetable")===undefined){h=new d(this,f);h.loadRows(this.rows).render();j.addClass("treetable").data("treetable",h);if(f.onInitialized!=null){f.onInitialized.apply(h)}}return j})},destroy:function(){return this.each(function(){return c(this).removeData("treetable").removeClass("treetable")})},collapseAll:function(){this.data("treetable").collapseAll();return this},collapseNode:function(f){var e=this.data("treetable").tree[f];if(e){e.collapse()}else{throw new Error("Unknown node '"+f+"'")}return this},expandAll:function(){this.data("treetable").expandAll();return this},expandNode:function(f){var e=this.data("treetable").tree[f];if(e){if(!e.initialized){e._initialize()}e.expand()}else{throw new Error("Unknown node '"+f+"'")}return this},loadBranch:function(h,j){var f=this.data("treetable").settings,e=this.data("treetable").tree;j=c(j);if(h==null){this.append(j)}else{var g=this.data("treetable").findLastNode(h);j.insertAfter(g.row)}this.data("treetable").loadRows(j);j.filter("tr").each(function(){e[c(this).data(f.nodeIdAttr)].show()});if(h!=null){h.render().expand()}return this},move:function(h,g){var e,f;f=this.data("treetable").tree[h];e=this.data("treetable").tree[g];this.data("treetable").move(f,e);return this},node:function(e){return this.data("treetable").tree[e]},removeNode:function(f){var e=this.data("treetable").tree[f];if(e){this.data("treetable").removeNode(e)}else{throw new Error("Unknown node '"+f+"'")}return this},reveal:function(f){var e=this.data("treetable").tree[f];if(e){e.reveal()}else{throw new Error("Unknown node '"+f+"'")}return this},sortBranch:function(j,g){var h=this.data("treetable").settings,f,e;g=g||h.column;e=g;if(c.isNumeric(g)){e=function(m,k){var o,n,l;o=function(p){var q=p.row.find("td:eq("+g+")").text();return c.trim(q).toUpperCase()};n=o(m);l=o(k);if(n<l){return -1}if(n>l){return 1}return 0}}this.data("treetable").sortBranch(j,e);return this},unloadBranch:function(e){this.data("treetable").unloadBranch(e);return this}};c.fn.treetable=function(e){if(a[e]){return a[e].apply(this,Array.prototype.slice.call(arguments,1))}else{if(typeof e==="object"||!e){return a.init.apply(this,arguments)}else{return c.error("Method "+e+" does not exist on jQuery.treetable")}}};this.TreeTable||(this.TreeTable={});this.TreeTable.Node=b;this.TreeTable.Tree=d})(jQuery);
>/*!
> * Bootstrap v3.3.7 (http://getbootstrap.com)
> * Copyright 2011-2016 Twitter, Inc.
> * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
> */
>;
>/*!
> * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf)
> * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf
> */
>;if("undefined"==typeof jQuery){throw new Error("Bootstrap's JavaScript requires jQuery")}+function(a){var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3){throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}}(jQuery),+function(b){function c(g){return this.each(function(){var e=b(this),h=e.data("bs.alert");h||e.data("bs.alert",h=new f(this)),"string"==typeof g&&h[g].call(e)})}var a='[data-dismiss="alert"]',f=function(g){b(g).on("click",a,this.close)};f.VERSION="3.3.7",f.TRANSITION_DURATION=150,f.prototype.close=function(k){function h(){g.detach().trigger("closed.bs.alert").remove()}var l=b(this),j=l.attr("data-target");j||(j=l.attr("href"),j=j&&j.replace(/.*(?=#[^\s]*$)/,""));var g=b("#"===j?[]:j);k&&k.preventDefault(),g.length||(g=l.closest(".alert")),g.trigger(k=b.Event("close.bs.alert")),k.isDefaultPrevented()||(g.removeClass("in"),b.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",h).emulateTransitionEnd(f.TRANSITION_DURATION):h())};var d=b.fn.alert;b.fn.alert=c,b.fn.alert.Constructor=f,b.fn.alert.noConflict=function(){return b.fn.alert=d,this},b(document).on("click.bs.alert.data-api",a,f.prototype.close)}(jQuery),+function(d){function h(l){var a=l.attr("data-target");a||(a=l.attr("href"),a=a&&/#[A-Za-z]/.test(a)&&a.replace(/.*(?=#[^\s]*$)/,""));var m=a&&d(a);return m&&m.length?m:l.parent()}function c(a){a&&3===a.which||(d(j).remove(),d(f).each(function(){var m=d(this),l=h(m),e={relatedTarget:this};l.hasClass("open")&&(a&&"click"==a.type&&/input|textarea/i.test(a.target.tagName)&&d.contains(l[0],a.target)||(l.trigger(a=d.Event("hide.bs.dropdown",e)),a.isDefaultPrevented()||(m.attr("aria-expanded","false"),l.removeClass("open").trigger(d.Event("hidden.bs.dropdown",e)))))}))}function k(a){return this.each(function(){var e=d(this),l=e.data("bs.dropdown");l||e.data("bs.dropdown",l=new b(this)),"string"==typeof a&&l[a].call(e)})}var j=".dropdown-backdrop",f='[data-toggle="dropdown"]',b=function(a){d(a).on("click.bs.dropdown",this.toggle)};b.VERSION="3.3.7",b.prototype.toggle=function(q){var p=d(this);if(!p.is(".disabled, :disabled")){var l=h(p),e=l.hasClass("open");if(c(),!e){"ontouchstart" in document.documentElement&&!l.closest(".navbar-nav").length&&d(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(d(this)).on("click",c);var m={relatedTarget:this};if(l.trigger(q=d.Event("show.bs.dropdown",m)),q.isDefaultPrevented()){return}p.trigger("focus").attr("aria-expanded","true"),l.toggleClass("open").trigger(d.Event("shown.bs.dropdown",m))}return !1}},b.prototype.keydown=function(p){if(/(38|40|27|32)/.test(p.which)&&!/input|textarea/i.test(p.target.tagName)){var u=d(this);if(p.preventDefault(),p.stopPropagation(),!u.is(".disabled, :disabled")){var t=h(u),m=t.hasClass("open");if(!m&&27!=p.which||m&&27==p.which){return 27==p.which&&t.find(f).trigger("focus"),u.trigger("click")}var q=" li:not(.disabled):visible a",s=t.find(".dropdown-menu"+q);if(s.length){var e=s.index(p.target);38==p.which&&e>0&&e--,40==p.which&&e<s.length-1&&e++,~e||(e=0),s.eq(e).trigger("focus")}}}};var g=d.fn.dropdown;d.fn.dropdown=k,d.fn.dropdown.Constructor=b,d.fn.dropdown.noConflict=function(){return d.fn.dropdown=g,this},d(document).on("click.bs.dropdown.data-api",c).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",f,b.prototype.toggle).on("keydown.bs.dropdown.data-api",f,b.prototype.keydown).on("keydown.bs.dropdown.data-api",".dropdown-menu",b.prototype.keydown)}(jQuery),+function(b){function c(f,g){return this.each(function(){var j=b(this),h=j.data("bs.modal"),e=b.extend({},a.DEFAULTS,j.data(),"object"==typeof f&&f);h||j.data("bs.modal",h=new a(this,e)),"string"==typeof f?h[f](g):e.show&&h.show(g)})}var a=function(g,f){this.options=f,this.$body=b(document.body),this.$element=b(g),this.$dialog=this.$element.find(".modal-dialog"),this.$backdrop=null,this.isShown=null,this.originalBodyPad=null,this.scrollbarWidth=0,this.ignoreBackdropClick=!1,this.options.remote&&this.$element.find(".modal-content").load(this.options.remote,b.proxy(function(){this.$element.trigger("loaded.bs.modal")},this))};a.VERSION="3.3.7",a.TRANSITION_DURATION=300,a.BACKDROP_TRANSITION_DURATION=150,a.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},a.prototype.toggle=function(e){return this.isShown?this.hide():this.show(e)},a.prototype.show=function(f){var h=this,g=b.Event("show.bs.modal",{relatedTarget:f});this.$element.trigger(g),this.isShown||g.isDefaultPrevented()||(this.isShown=!0,this.checkScrollbar(),this.setScrollbar(),this.$body.addClass("modal-open"),this.escape(),this.resize(),this.$element.on("click.dismiss.bs.modal",'[data-dismiss="modal"]',b.proxy(this.hide,this)),this.$dialog.on("mousedown.dismiss.bs.modal",function(){h.$element.one("mouseup.dismiss.bs.modal",function(j){b(j.target).is(h.$element)&&(h.ignoreBackdropClick=!0)})}),this.backdrop(function(){var j=b.support.transition&&h.$element.hasClass("fade");h.$element.parent().length||h.$element.appendTo(h.$body),h.$element.show().scrollTop(0),h.adjustDialog(),j&&h.$element[0].offsetWidth,h.$element.addClass("in"),h.enforceFocus();var e=b.Event("shown.bs.modal",{relatedTarget:f});j?h.$dialog.one("bsTransitionEnd",function(){h.$element.trigger("focus").trigger(e)}).emulateTransitionEnd(a.TRANSITION_DURATION):h.$element.trigger("focus").trigger(e)}))},a.prototype.hide=function(f){f&&f.preventDefault(),f=b.Event("hide.bs.modal"),this.$element.trigger(f),this.isShown&&!f.isDefaultPrevented()&&(this.isShown=!1,this.escape(),this.resize(),b(document).off("focusin.bs.modal"),this.$element.removeClass("in").off("click.dismiss.bs.modal").off("mouseup.dismiss.bs.modal"),this.$dialog.off("mousedown.dismiss.bs.modal"),b.support.transition&&this.$element.hasClass("fade")?this.$element.one("bsTransitionEnd",b.proxy(this.hideModal,this)).emulateTransitionEnd(a.TRANSITION_DURATION):this.hideModal())},a.prototype.enforceFocus=function(){b(document).off("focusin.bs.modal").on("focusin.bs.modal",b.proxy(function(e){document===e.target||this.$element[0]===e.target||this.$element.has(e.target).length||this.$element.trigger("focus")},this))},a.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keydown.dismiss.bs.modal",b.proxy(function(e){27==e.which&&this.hide()},this)):this.isShown||this.$element.off("keydown.dismiss.bs.modal")},a.prototype.resize=function(){this.isShown?b(window).on("resize.bs.modal",b.proxy(this.handleUpdate,this)):b(window).off("resize.bs.modal")},a.prototype.hideModal=function(){var e=this;this.$element.hide(),this.backdrop(function(){e.$body.removeClass("modal-open"),e.resetAdjustments(),e.resetScrollbar(),e.$element.trigger("hidden.bs.modal")})},a.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},a.prototype.backdrop=function(h){var k=this,j=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var g=b.support.transition&&j;if(this.$backdrop=b(document.createElement("div")).addClass("modal-backdrop "+j).appendTo(this.$body),this.$element.on("click.dismiss.bs.modal",b.proxy(function(e){return this.ignoreBackdropClick?void (this.ignoreBackdropClick=!1):void (e.target===e.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus():this.hide()))},this)),g&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!h){return}g?this.$backdrop.one("bsTransitionEnd",h).emulateTransitionEnd(a.BACKDROP_TRANSITION_DURATION):h()}else{if(!this.isShown&&this.$backdrop){this.$backdrop.removeClass("in");var f=function(){k.removeBackdrop(),h&&h()};b.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one("bsTransitionEnd",f).emulateTransitionEnd(a.BACKDROP_TRANSITION_DURATION):f()}else{h&&h()}}},a.prototype.handleUpdate=function(){this.adjustDialog()},a.prototype.adjustDialog=function(){var e=this.$element[0].scrollHeight>document.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&e?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!e?this.scrollbarWidth:""})},a.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},a.prototype.checkScrollbar=function(){var f=window.innerWidth;if(!f){var g=document.documentElement.getBoundingClientRect();f=g.right-Math.abs(g.left)}this.bodyIsOverflowing=document.body.clientWidth<f,this.scrollbarWidth=this.measureScrollbar()},a.prototype.setScrollbar=function(){var e=parseInt(this.$body.css("padding-right")||0,10);this.originalBodyPad=document.body.style.paddingRight||"",this.bodyIsOverflowing&&this.$body.css("padding-right",e+this.scrollbarWidth)},a.prototype.resetScrollbar=function(){this.$body.css("padding-right",this.originalBodyPad)},a.prototype.measureScrollbar=function(){var f=document.createElement("div");f.className="modal-scrollbar-measure",this.$body.append(f);var g=f.offsetWidth-f.clientWidth;return this.$body[0].removeChild(f),g};var d=b.fn.modal;b.fn.modal=c,b.fn.modal.Constructor=a,b.fn.modal.noConflict=function(){return b.fn.modal=d,this},b(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(f){var j=b(this),h=j.attr("href"),g=b(j.attr("data-target")||h&&h.replace(/.*(?=#[^\s]+$)/,"")),e=g.data("bs.modal")?"toggle":b.extend({remote:!/#/.test(h)&&h},g.data(),j.data());j.is("a")&&f.preventDefault(),g.one("show.bs.modal",function(k){k.isDefaultPrevented()||g.one("hidden.bs.modal",function(){j.is(":visible")&&j.trigger("focus")})}),c.call(g,e,this)})}(jQuery),+function(b){function c(h){var g,j=h.attr("data-target")||(g=h.attr("href"))&&g.replace(/.*(?=#[^\s]+$)/,"");return b(j)}function a(g){return this.each(function(){var e=b(this),j=e.data("bs.collapse"),h=b.extend({},f.DEFAULTS,e.data(),"object"==typeof g&&g);!j&&h.toggle&&/show|hide/.test(g)&&(h.toggle=!1),j||e.data("bs.collapse",j=new f(this,h)),"string"==typeof g&&j[g]()})}var f=function(h,g){this.$element=b(h),this.options=b.extend({},f.DEFAULTS,g),this.$trigger=b('[data-toggle="collapse"][href="#'+h.id+'"],[data-toggle="collapse"][data-target="#'+h.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};f.VERSION="3.3.7",f.TRANSITION_DURATION=350,f.DEFAULTS={toggle:!0},f.prototype.dimension=function(){var e=this.$element.hasClass("width");return e?"width":"height"},f.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var k,m=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(m&&m.length&&(k=m.data("bs.collapse"),k&&k.transitioning))){var h=b.Event("show.bs.collapse");if(this.$element.trigger(h),!h.isDefaultPrevented()){m&&m.length&&(a.call(m,"hide"),k||m.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var j=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!b.support.transition){return j.call(this)}var l=b.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",b.proxy(j,this)).emulateTransitionEnd(f.TRANSITION_DURATION)[g](this.$element[0][l])}}}},f.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var h=b.Event("hide.bs.collapse");if(this.$element.trigger(h),!h.isDefaultPrevented()){var g=this.dimension();this.$element[g](this.$element[g]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var j=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return b.support.transition?void this.$element[g](0).one("bsTransitionEnd",b.proxy(j,this)).emulateTransitionEnd(f.TRANSITION_DURATION):j.call(this)}}},f.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},f.prototype.getParent=function(){return b(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(b.proxy(function(e,h){var g=b(h);this.addAriaAndCollapsedClass(c(g),g)},this)).end()},f.prototype.addAriaAndCollapsedClass=function(h,j){var g=h.hasClass("in");h.attr("aria-expanded",g),j.toggleClass("collapsed",!g).attr("aria-expanded",g)};var d=b.fn.collapse;b.fn.collapse=a,b.fn.collapse.Constructor=f,b.fn.collapse.noConflict=function(){return b.fn.collapse=d,this},b(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(k){var j=b(this);j.attr("data-target")||k.preventDefault();var g=c(j),e=g.data("bs.collapse"),h=e?"toggle":j.data();a.call(g,h)})}(jQuery),+function(a){function b(){var d=document.createElement("bootstrap"),f={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in f){if(void 0!==d.style[c]){return{end:f[c]}}}return !1}a.fn.emulateTransitionEnd=function(d){var c=!1,g=this;a(this).one("bsTransitionEnd",function(){c=!0});var f=function(){c||a(g).trigger(a.support.transition.end)};return setTimeout(f,d),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(c){return a(c.target).is(this)?c.handleObj.handler.apply(this,arguments):void 0}})})}(jQuery);function openRuleDetailsDialog(d){var a=$('<button type="button" class="close btn btn-sm btn-default" data-dismiss="modal" aria-hidden="false" title="Close">&#x274c;</button>');var b=$('<div id="detail-modal" class="modal fade" tabindex="-1" role="dialog" aria-hidden="false"><div id="detail-modal-body" class="modal-body"></div></div>');$("body").prepend(b);var c=$("#rule-detail-"+d).clone();c.attr("id","");c.children(".panel-heading").append(a);a.css({"float":"right"});a.css({"margin-top":"-=23px"});$("#detail-modal-body").append(c);$("#detail-modal").on("hidden.bs.modal",function(f){$("#detail-modal").remove()});$("#detail-modal").modal();return false}function toggleRuleDisplay(b){var a=b.value;if(b.checked){$(".rule-overview-leaf-"+a).removeClass("rule-result-filtered");$(".rule-detail-"+a).removeClass("rule-result-filtered")}else{$(".rule-overview-leaf-"+a).addClass("rule-result-filtered");$(".rule-detail-"+a).addClass("rule-result-filtered")}stripeTreeTable()}function toggleResultDetails(b){var a=$("#result-details");if(a.is(":visible")){a.hide();$(b).html("Show all result details")}else{a.show();$(b).html("Hide all result details")}return false}function ruleSearchMatches(e,c){if(c.length==0){return true}var b=true;var d=e.children(".keywords").text().toLowerCase();var a;for(a=0;a<c.length;++a){if(d.indexOf(c[a].toLowerCase())<0){b=false;break}}return b}function ruleSearch(){var c=$("#search-input").val();var a=c.split(/[\s,\.;]+/);var b=0;$(".rule-detail").each(function(){var d=$(this).attr("id").substring(12);var e=$("#rule-overview-leaf-"+d);var f=$(this);if(ruleSearchMatches(f,a)){e.removeClass("search-no-match");f.removeClass("search-no-match");++b}else{e.addClass("search-no-match");f.addClass("search-no-match")}});if(!c){$("#search-matches").html("")}else{if(b>0){$("#search-matches").html(b.toString()+" rules match.")}else{$("#search-matches").html("No rules match your search criteria!")}}}var is_original=true;var original_treetable=null;$(document).ready(function(){$("#result-details").hide();$(".js-only").show();$(".form-group select").val("default");$(".toggle-rule-display").each(function(){toggleRuleDisplay(this)});original_treetable=$(".treetable").clone();$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});is_original=true;stripeTreeTable()});function resetTreetable(){if(!is_original){$(".treetable").remove();$("#rule-overview").append(original_treetable.clone());$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});$(".toggle-rule-display").each(function(){toggleRuleDisplay(this)});is_original=true}}function newGroupLine(a,c){var b=24;if(a.length>b){a=a.substring(0,b-1)+"â¦"}return'<tr class="rule-overview-inner-node" data-tt-id="'+c+'"><td colspan="3"><small>'+a+"</small> = <strong>"+c+"</strong></td></tr>"}var KeysEnum={DEFAULT:"default",SEVERITY:"severity",RESULT:"result",NIST:"NIST SP 800-53 ID",DISA_CCI:"DISA CCI",DISA_SRG:"DISA SRG",DISA_STIG_ID:"DISA STIG ID",PCI_DSS:"PCI DSS Requirement",CIS:"CIS Recommendation"};function getTargetGroupsList(f,d){switch(d){case KeysEnum.SEVERITY:var b=f.children(".rule-severity").text();return[b];case KeysEnum.RESULT:var a=f.children(".rule-result").text();return[a];default:try{var c=JSON.parse(f.attr("data-references"))}catch(e){return["unknown"]}if(!c.hasOwnProperty(d)){return["unknown"]}return c[d]}}function sortGroups(a,b){switch(b){case KeysEnum.SEVERITY:return["high","medium","low"];case KeysEnum.RESULT:return a.sort();default:return a.sort(function(e,d){var f=e.split(/[.()-]/);var g=d.split(/[.()-]/);var c=0;var j=Math.min(f.length,g.length);var h=/^[1-9][0-9]*$/;for(i=0;i<j&&c==0;i++){if(f[i].match(h)==null||f[i].match(h)==null){c=f[i].localeCompare(g[i])}else{c=parseInt(f[i])-parseInt(g[i])}}if(c==0){c=f.length-g.length}return c})}}function groupRulesBy(c){resetTreetable();if(c==KeysEnum.DEFAULT){return}var b={};$(".rule-overview-leaf").each(function(){$(this).children("td:first").css("padding-left","0px");var j=$(this).attr("data-tt-id");var g=getTargetGroupsList($(this),c);for(i=0;i<g.length;i++){var e=g[i];if(!b.hasOwnProperty(e)){b[e]=[newGroupLine(c,e)]}var h=$(this).clone();h.attr("data-tt-id",j+"copy"+i);h.attr("data-tt-parent-id",e);var f=h.wrap("<div>").parent().html();b[e].push(f)}});$(".treetable").remove();var a=sortGroups(Object.keys(b),c);var d="";for(i=0;i<a.length;i++){d+=b[a[i]].join("\n")}new_table='<table class="treetable table table-bordered"><thead><tr><th>Group</th> <th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody>'+d+"</tbody></table>";$("#rule-overview").append(new_table);is_original=false;$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});stripeTreeTable()}function stripeTreeTable(){var a=$(".rule-overview-leaf:not(.rule-result-filtered)");var b=false;$(a).each(function(){$(this).css("background-color",b?"#F9F9F9":"inherit");b=!b})};</script></head><body><nav class="navbar navbar-default"><div class="navbar-header" style="float: none"><a class="navbar-brand" href="#"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="52" height="52" id="svg2"><g transform="matrix(0.75266991,0,0,0.75266991,-17.752968,-104.57468)" id="g32"><path d="m 24.7,173.5 c 0,-9 3.5,-17.5 9.9,-23.9 6.8,-6.8 15.7,-10.4 25,-10 8.6,0.3 16.9,3.9 22.9,9.8 6.4,6.4 9.9,14.9 10,23.8 0.1,9.1 -3.5,17.8 -10,24.3 -13.2,13.2 -34.7,13.1 -48,-0.1 -1.5,-1.5 -1.9,-4.2 0.2,-6.2 l 9,-9 c -2,-3.6 -4.9,-13.1 2.6,-20.7 7.6,-7.6 18.6,-6 24.4,-0.2 3.3,3.3 5.1,7.6 5.1,12.1 0.1,4.6 -1.8,9.1 -5.3,12.5 -4.2,4.2 -10.2,5.8 -16.1,4.4 -1.5,-0.4 -2.4,-1.9 -2.1,-3.4 0.4,-1.5 1.9,-2.4 3.4,-2.1 4.1,1 8,-0.1 10.9,-2.9 2.3,-2.3 3.6,-5.3 3.6,-8.4 0,0 0,-0.1 0,-0.1 0,-3 -1.3,-5.9 -3.5,-8.2 -3.9,-3.9 -11.3,-4.9 -16.5,0.2 -6.3,6.3 -1.6,14.1 -1.6,14.2 1.5,2.4 0.7,5 -0.9,6.3 l -8.4,8.4 c 9.9,8.9 27.2,11.2 39.1,-0.8 5.4,-5.4 8.4,-12.5 8.4,-20 0,-0.1 0,-0.2 0,-0.3 -0.1,-7.5 -3,-14.6 -8.4,-19.9 -5,-5 -11.9,-8 -19.1,-8.2 -7.8,-0.3 -15.2,2.7 -20.9,8.4 -8.7,8.7 -8.7,19 -7.9,24.3 0.3,2.4 1.1,4.9 2.2,7.3 0.6,1.4 0,3.1 -1.4,3.7 -1.4,0.6 -3.1,0 -3.7,-1.4 -1.3,-2.9 -2.2,-5.8 -2.6,-8.7 -0.3,-1.7 -0.4,-3.5 -0.4,-5.2 z" id="path34" style="fill:#12497f"></path></g></svg></a><div><h1>OpenSCAP Evaluation Report</h1></div></div></nav><div class="container"><div id="content"><div id="introduction"><div class="row"><h2>Guide to the Secure Configuration of SUSE Linux Enterprise 15</h2><blockquote>with profile <mark>Public Cloud Hardening for SUSE Linux Enterprise 15</mark><div class="col-md-12 well well-lg horizontal-scroll"><div class="description profile-description"><small>This profile contains configuration checks to be used to harden
>SUSE Linux Enterprise 15 for use with public cloud providers.</small></div></div></blockquote><div class="col-md-12 well well-lg horizontal-scroll"><div class="front-matter">The SCAP Security Guide Project<br>
>
>    <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>
></div><div class="description">This guide presents a catalog of security-relevant
>configuration settings for SUSE Linux Enterprise 15. It is a rendering of
>content structured in the eXtensible Configuration Checklist Description Format (XCCDF)
>in order to support security automation.  The SCAP content is
>is available in the <code>scap-security-guide</code> package which is developed at
>
>    <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>.
><br><br>
>Providing system administrators with such guidance informs them how to securely
>configure systems under their control in a variety of network roles. Policy
>makers and baseline creators can use this catalog of settings, with its
>associated references to higher-level security control catalogs, in order to
>assist them in security baseline creation. This guide is a <em>catalog, not a
>checklist</em>, and satisfaction of every item is not likely to be possible or
>sensible in many operational scenarios. However, the XCCDF format enables
>granular selection and adjustment of settings, and their association with OVAL
>and OCIL content provides an automated checking capability. Transformations of
>this document, and its associated automated checking content, are capable of
>providing baselines that meet a diverse set of policy objectives. Some example
>XCCDF <em>Profiles</em>, which are selections of items that form checklists and
>can be used as baselines, are available with this guide. They can be
>processed, in an automated fashion, with tools that support the Security
>Content Automation Protocol (SCAP). The DISA STIG, which provides required
>settings for US Department of Defense systems, is one example of a baseline
>created from this guidance.
></div><div class="top-spacer-10"><div class="alert alert-info">Do not attempt to implement any of the settings in
>this guide without first testing them in a non-operational environment. The
>creators of this guidance assume no responsibility whatsoever for its use by
>other parties, and makes no guarantees, expressed or implied, about its
>quality, reliability, or any other characteristic.
></div></div></div></div></div><div id="characteristics"><h2>Evaluation Characteristics</h2><div class="row"><div class="col-md-5 well well-lg horizontal-scroll"><table class="table table-bordered"><tr><th>Evaluation target</th><td>openqa-suse-de-3b72c31b4a85652c.hx3rjvb3hsvuzngwbiedo0hhec.dx.internal.cloudapp.net</td></tr><tr><th>Benchmark URL</th><td>#scap_org.open-scap_comp_ssg-sle15-xccdf.xml</td></tr><tr><th>Benchmark ID</th><td>xccdf_org.ssgproject.content_benchmark_SLE-15</td></tr><tr><th>Benchmark version</th><td>0.1.69</td></tr><tr><th>Profile ID</th><td>xccdf_org.ssgproject.content_profile_pcs-hardening</td></tr><tr><th>Started at</th><td>2023-10-10T09:45:06+00:00</td></tr><tr><th>Finished at</th><td>2023-10-10T09:45:07+00:00</td></tr><tr><th>Performed by</th><td>root</td></tr><tr><th>Test system</th><td>cpe:/a:redhat:openscap:1.3.6</td></tr></table></div><div class="col-md-3 horizontal-scroll"><h4>CPE Platforms</h4><ul class="list-group"><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:suse:linux_enterprise_desktop:15 was found applicable on the evaluated machine">cpe:/o:suse:linux_enterprise_desktop:15</span></li><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:suse:linux_enterprise_server:15 was found applicable on the evaluated machine">cpe:/o:suse:linux_enterprise_server:15</span></li></ul></div><div class="col-md-4 horizontal-scroll"><h4>Addresses</h4><ul class="list-group"><li class="list-group-item"><span class="label label-primary">IPv4</span>
>                            Â 127.0.0.1</li><li class="list-group-item"><span class="label label-primary">IPv4</span>
>                            Â 10.0.1.4</li><li class="list-group-item"><span class="label label-info">IPv6</span>
>                            Â 0:0:0:0:0:0:0:1</li><li class="list-group-item"><span class="label label-info">IPv6</span>
>                            Â fe80:0:0:0:6245:bdff:fe0a:183d</li><li class="list-group-item"><span class="label label-default">MAC</span>
>                            Â 00:00:00:00:00:00</li><li class="list-group-item"><span class="label label-default">MAC</span>
>                            Â 60:45:BD:0A:18:3D</li></ul></div></div></div><div id="compliance-and-scoring"><h2>Compliance and Scoring</h2><div class="alert alert-danger"><strong>The target system did not satisfy the conditions of 4 rules!</strong>
>                    Please review rule results and consider applying remediation.
>                </div><h3>Rule results</h3><div class="progress" title="Displays proportion of passed/fixed, failed/error, and other rules (in that order). There were $not_ignored_rules_count rules taken into account."><div class="progress-bar progress-bar-success" style="width: 97.5155279503106%">157 passed
>                    </div><div class="progress-bar progress-bar-danger" style="width: 2.484472049689441%">4 failed
>                    </div><div class="progress-bar progress-bar-warning" style="width: 0%">0 other
>                    </div></div><h3>Severity of failed rules</h3><div class="progress" title="Displays proportion of high, medium, low, and other severity failed rules (in that order). There were 4 total failed rules."><div class="progress-bar progress-bar-success" style="width: 0%">0 other
>                </div><div class="progress-bar progress-bar-info" style="width: 0%">0 low
>                </div><div class="progress-bar progress-bar-warning" style="width: 100%">4 medium
>                </div><div class="progress-bar progress-bar-danger" style="width: 0%">0 high
>                </div></div><h3 title="As per the XCCDF specification">Score</h3><table class="table table-striped table-bordered"><thead><tr><th>Scoring system</th><th class="text-center">Score</th><th class="text-center">Maximum</th><th class="text-center" style="width: 40%">Percent</th></tr></thead><tbody><tr><td>urn:xccdf:scoring:default</td><td class="text-center">98.680557</td><td class="text-center">100.000000</td><td><div class="progress"><div class="progress-bar progress-bar-success" style="width: 98.680557%">98.68%</div><div class="progress-bar progress-bar-danger" style="width: 1.319443000000007%"></div></div></td></tr></tbody></table></div><div id="rule-overview"><h2>Rule Overview</h2><div class="form-group js-only hidden-print"><div class="row"><div title="Filter rules by their XCCDF result"><div class="col-sm-2 toggle-rule-display-success"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="pass">pass</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fixed">fixed</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="informational">informational</label></div></div><div class="col-sm-2 toggle-rule-display-danger"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fail">fail</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="error">error</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="unknown">unknown</label></div></div><div class="col-sm-2 toggle-rule-display-other"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notchecked">notchecked</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notapplicable">notapplicable</label></div></div></div><div class="col-sm-6"><div class="input-group"><input type="text" class="form-control" placeholder="Search through XCCDF rules" id="search-input" oninput="ruleSearch()"><div class="input-group-btn"><button class="btn btn-default" onclick="ruleSearch()">Search</button></div></div><p id="search-matches"></p>
>                    Group rules by:
>                    <select name="groupby" onchange="groupRulesBy(value)"><option value="default" selected>Default</option><option value="severity">Severity</option><option value="result">Result</option><option disabled>ââââââââââ</option><option value="NIST SP 800-171">NIST SP 800-171</option><option value="NIST SP 800-53">NIST SP 800-53</option><option value="ANSSI">ANSSI</option><option value="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf</option><option value="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf</option><option value="https://public.cyber.mil/stigs/cci/">https://public.cyber.mil/stigs/cci/</option><option value="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers</option><option value="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os</option><option value="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux</option><option value="https://public.cyber.mil/stigs/srg-stig-tools/">https://public.cyber.mil/stigs/srg-stig-tools/</option><option value="https://www.cisecurity.org/benchmark/suse_linux/">https://www.cisecurity.org/benchmark/suse_linux/</option><option value="https://www.cisecurity.org/controls/">https://www.cisecurity.org/controls/</option><option value="https://www.cyber.gov.au/acsc/view-all-content/ism">https://www.cyber.gov.au/acsc/view-all-content/ism</option><option value="FBI CJIS">FBI CJIS</option><option value="HIPAA">HIPAA</option><option value="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu</option><option value="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat</option><option value="https://www.isaca.org/resources/cobit">https://www.isaca.org/resources/cobit</option><option value="ISO 27001-2013">ISO 27001-2013</option><option value="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx</option><option value="https://www.niap-ccevs.org/Profile/PP.cfm">https://www.niap-ccevs.org/Profile/PP.cfm</option><option value="PCI-DSS Requirement">PCI-DSS Requirement</option></select></div></div></div><table class="treetable table table-bordered"><thead><tr><th>Title</th><th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody><tr data-tt-id="xccdf_org.ssgproject.content_benchmark_SLE-15" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_benchmark_SLE-15"><td colspan="3" style="padding-left: 0px"><strong>Guide to the Secure Configuration of SUSE Linux Enterprise 15</strong>Â <span class="badge">4x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_system" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_system" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_SLE-15"><td colspan="3" style="padding-left: 19px"><strong>System Settings</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Installing and Maintaining Software<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_software");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">System and Software Integrity<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software-integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software-integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Software Integrity Checking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_software-integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_aide" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_aide" data-tt-parent-id="xccdf_org.ssgproject.content_group_software-integrity"><td colspan="3" style="padding-left: 95px">Verify Integrity with AIDE<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_aide");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_check_audit_tools" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_check_audit_tools" id="rule-overview-leaf-id34292" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["AU-9(3)","AU-9(3).1"],"https://public.cyber.mil/stigs/cci/":["CCI-001496"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000278-GPOS-00108"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030630"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234962r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34292" onclick="return openRuleDetailsDialog('id34292')">Configure AIDE to Verify the Audit Tools</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" id="rule-overview-leaf-id34293" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["SI-6(d)"],"ANSSI":["BP28(R51)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["11.5.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-7","PR.DS-1","PR.DS-6","PR.DS-8","PR.IP-1","PR.IP-3"],"https://public.cyber.mil/stigs/cci/":["CCI-001744","CCI-002699","CCI-002702"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000363-GPOS-00150","SRG-OS-000446-GPOS-00200","SRG-OS-000447-GPOS-00201"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010420"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234851r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.4.2"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","2","3","5","7","8","9"],"FBI CJIS":["5.10.1.3"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8","SR 4.1","SR 6.2","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3","4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI01.06","BAI02.01","BAI03.05","BAI06.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.03","DSS03.05","DSS04.07","DSS05.02","DSS05.03","DSS05.05","DSS05.07","DSS06.02","DSS06.06"],"ISO 27001-2013":["A.11.2.4","A.12.1.2","A.12.2.1","A.12.4.1","A.12.5.1","A.12.6.2","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.14.2.7","A.15.2.1","A.8.2.3"],"PCI-DSS Requirement":["Req-11.5"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34293" onclick="return openRuleDetailsDialog('id34293')">Configure Periodic Execution of AIDE</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_verify_acls" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_verify_acls" id="rule-overview-leaf-id34294" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["SI-7","SI-7(1)","CM-6(a)"],"ANSSI":["BP28(R51)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.DS-6","PR.DS-8"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234986r622137_rule"],"https://www.cisecurity.org/controls/":["2","3"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI03.05","BAI06.01","DSS06.02"],"ISO 27001-2013":["A.11.2.4","A.12.2.1","A.12.5.1","A.14.1.2","A.14.1.3","A.14.2.4"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34294" onclick="return openRuleDetailsDialog('id34294')">Configure AIDE to Verify Access Control Lists (ACLs)</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" id="rule-overview-leaf-id34295" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["SI-7","SI-7(1)","CM-6(a)"],"ANSSI":["BP28(R51)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.DS-6","PR.DS-8"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040050"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234987r622137_rule"],"https://www.cisecurity.org/controls/":["2","3"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI03.05","BAI06.01","DSS06.02"],"ISO 27001-2013":["A.11.2.4","A.12.2.1","A.12.5.1","A.14.1.2","A.14.1.3","A.14.2.4"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34295" onclick="return openRuleDetailsDialog('id34295')">Configure AIDE to Verify Extended Attributes</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_sudo" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_sudo" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">Sudo<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_sudo");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sudo_add_use_pty" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sudo_add_use_pty" id="rule-overview-leaf-id34296" data-tt-parent-id="xccdf_org.ssgproject.content_group_sudo" data-references='{"ANSSI":["BP28(R58)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.3.2"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34296" onclick="return openRuleDetailsDialog('id34296')">Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sudo_custom_logfile" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sudo_custom_logfile" id="rule-overview-leaf-id34297" data-tt-parent-id="xccdf_org.ssgproject.content_group_sudo" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.3.3"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34297" onclick="return openRuleDetailsDialog('id34297')">Ensure Sudo Logfile Exists - sudo logfile</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_updating" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_updating" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">Updating Software<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_updating");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-overview-leaf-id34298" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","SC-12","SC-12(3)","CM-6(a)","SA-12","SA-12(10)","CM-11(a)","CM-11(b)"],"ANSSI":["BP28(R15)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["6.3.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.DS-6","PR.DS-8","PR.IP-1"],"https://public.cyber.mil/stigs/cci/":["CCI-001749"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000366-GPOS-00153"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010430"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234852r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.2.3"],"https://www.cisecurity.org/controls/":["11","2","3","9"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3","4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI03.05","BAI06.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS06.02"],"ISO 27001-2013":["A.11.2.4","A.12.1.2","A.12.2.1","A.12.5.1","A.12.6.2","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FPT_TUD_EXT.1","FPT_TUD_EXT.2"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34298" onclick="return openRuleDetailsDialog('id34298')">Ensure gpgcheck Enabled In Main zypper Configuration</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Account and Access Control</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-banners" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-banners" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Warning Banners for System Accesses<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-banners");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_banner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-overview-leaf-id34299" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(c)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000048","CCI-000050","CCI-001384","CCI-001385","CCI-001386","CCI-001387","CCI-001388"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000023-GPOS-00006","SRG-OS-000228-GPOS-00088"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010020"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234803r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.2"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34299" onclick="return openRuleDetailsDialog('id34299')">Modify the System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_banner_etc_motd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_banner_etc_motd" id="rule-overview-leaf-id34300" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34300" onclick="return openRuleDetailsDialog('id34300')">Modify the System Message of the Day Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue" id="rule-overview-leaf-id34301" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34301" onclick="return openRuleDetailsDialog('id34301')">Verify Group Ownership of System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_owner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_owner_etc_issue" id="rule-overview-leaf-id34302" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34302" onclick="return openRuleDetailsDialog('id34302')">Verify ownership of System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-pam" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-pam" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Accounts by Configuring PAM<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-pam");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Lockouts for Failed Password Attempts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_locking_out_password_attempts");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember" id="rule-overview-leaf-id34303" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000200"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000077-GPOS-00045"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34303" onclick="return openRuleDetailsDialog('id34303')">Limit Password Reuse</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay" id="rule-overview-leaf-id34304" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00226"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040000"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234982r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34304" onclick="return openRuleDetailsDialog('id34304')">Enforce Delay After Failed Logon Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2" id="rule-overview-leaf-id34305" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.4"],"https://public.cyber.mil/stigs/cci/":["CCI-000044"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000021-GPOS-00005"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020010"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234867r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.2"],"PCI-DSS Requirement":["Req-8.1.6"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34305" onclick="return openRuleDetailsDialog('id34305')">Set Deny For Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Password Quality Requirements<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality"><td colspan="3" style="padding-left: 95px">Set Password Quality Requirements, if using
>pam_cracklib<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality_pamcracklib");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit" id="rule-overview-leaf-id34306" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000194"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000071-GPOS-00039"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234884r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34306" onclick="return openRuleDetailsDialog('id34306')">Set Password Strength Minimum Digit Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok" id="rule-overview-leaf-id34307" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(1).1(v)","IA-5(1)(b)"],"https://public.cyber.mil/stigs/cci/":["CCI-000195"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000072-GPOS-00040"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020160"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234885r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34307" onclick="return openRuleDetailsDialog('id34307')">Set Password Strength Minimum Different Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit" id="rule-overview-leaf-id34308" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(1)(a)","IA-5(1).1(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000193"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000070-GPOS-00038"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020140"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234883r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34308" onclick="return openRuleDetailsDialog('id34308')">Set Password Strength Minimum Lowercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen" id="rule-overview-leaf-id34309" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000078-GPOS-00046"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020260"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234895r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34309" onclick="return openRuleDetailsDialog('id34309')">Set Password Minimum Length</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit" id="rule-overview-leaf-id34310" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(a)","IA-5(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-001619"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000266-GPOS-00101"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020270"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234896r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34310" onclick="return openRuleDetailsDialog('id34310')">Set Password Strength Minimum Special Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry" id="rule-overview-leaf-id34311" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.4"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00225"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234897r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.1.6","Req-8.1.7"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34311" onclick="return openRuleDetailsDialog('id34311')">Set Password Retry Limit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit" id="rule-overview-leaf-id34312" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(1)(a)","IA-5(1).1(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000192"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000069-GPOS-00037"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020130"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234882r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34312" onclick="return openRuleDetailsDialog('id34312')">Set Password Strength Minimum Uppercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Password Hashing Algorithm<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_set_password_hashing_algorithm");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth" id="rule-overview-leaf-id34313" data-tt-parent-id="xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" data-references='{"NIST SP 800-53":["IA-7","IA-7.1"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.2"],"https://public.cyber.mil/stigs/cci/":["CCI-000803"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000120-GPOS-00061"],"PCI-DSS Requirement":["Req-8.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34313" onclick="return openRuleDetailsDialog('id34313')">Set PAM's Common Authentication Hashing Algorithm</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth" id="rule-overview-leaf-id34314" data-tt-parent-id="xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" data-references='{"NIST SP 800-171":["3.13.11"],"NIST SP 800-53":["IA-5(c)","IA-5(1)(c)","CM-6(a)"],"ANSSI":["BP28(R32)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000196","CCI-000803"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000073-GPOS-00041","SRG-OS-000120-GPOS-00061"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020170"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234886r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0418","1055","1402"],"FBI CJIS":["5.6.2.2"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"],"PCI-DSS Requirement":["Req-8.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34314" onclick="return openRuleDetailsDialog('id34314')">Set PAM''s Password Hashing Algorithm</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_display_login_attempts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_display_login_attempts" id="rule-overview-leaf-id34315" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam" data-references='{"NIST SP 800-53":["AC-9","AC-9(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000052"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020080"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234873r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0582","0584","05885","0586","0846","0957"],"FBI CJIS":["5.5.2"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"PCI-DSS Requirement":["Req-10.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34315" onclick="return openRuleDetailsDialog('id34315')">Ensure PAM Displays Last Logon/Access Notification</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-physical" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-physical" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Physical Console Access<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-physical");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical"><td colspan="3" style="padding-left: 76px">Configure Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="xccdf_org.ssgproject.content_group_screen_locking"><td colspan="3" style="padding-left: 95px">Hardware Tokens for Authentication<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_smart_card_login");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_configure_ca" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_configure_ca" id="rule-overview-leaf-id34316" data-tt-parent-id="xccdf_org.ssgproject.content_group_smart_card_login" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000185","CCI-001991"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000066-GPOS-00034","SRG-OS-000384-GPOS-00167"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010170"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234817r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34316" onclick="return openRuleDetailsDialog('id34316')">Configure Smart Card Certificate Authority Validation</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking" id="rule-overview-leaf-id34317" data-tt-parent-id="xccdf_org.ssgproject.content_group_smart_card_login" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-001948","CCI-001953","CCI-001954"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000375-GPOS-00160","SRG-OS-000376-GPOS-00161","SRG-OS-000377-GPOS-00162","SRG-OS-000384-GPOS-00167"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010470"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234855r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34317" onclick="return openRuleDetailsDialog('id34317')">Configure Smart Card Certificate Status Checking</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="rule-overview-leaf-id34318" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"NIST SP 800-171":["3.4.5"],"NIST SP 800-53":["CM-6(b)","CM-6.1(iv)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000324-GPOS-00125","SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040062"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234990r622137_rule"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34318" onclick="return openRuleDetailsDialog('id34318')">Disable Ctrl-Alt-Del Burst Action</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px"><strong>Protect Accounts by Restricting Password-Based Login</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_account_expiration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_account_expiration" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Set Account Expiration Parameters<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_account_expiration");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" id="rule-overview-leaf-id34319" data-tt-parent-id="xccdf_org.ssgproject.content_group_account_expiration" data-references='{"NIST SP 800-171":["3.5.6"],"NIST SP 800-53":["IA-4(e)","AC-2(3)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000017","CCI-000795"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000118-GPOS-00060"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020050"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234871r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.5"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","18","3","5","7","8"],"FBI CJIS":["5.6.2.1.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS01.03","DSS03.05","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.12.4.1","A.12.4.3","A.18.1.4","A.6.1.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"PCI-DSS Requirement":["Req-8.1.4"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34319" onclick="return openRuleDetailsDialog('id34319')">Set Account Expiration Following Inactivity</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_expiration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_expiration" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px"><strong>Set Password Expiration Parameters</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" id="rule-overview-leaf-id34320" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-171":["3.5.6"],"NIST SP 800-53":["IA-5(f)","IA-5(1)(d)","CM-6(a)"],"ANSSI":["BP28(R18)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.10.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000199"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000076-GPOS-00044"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020220"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234891r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.2"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0418","1055","1402"],"FBI CJIS":["5.6.2.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"],"PCI-DSS Requirement":["Req-8.2.4"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34320" onclick="return openRuleDetailsDialog('id34320')">Set Password Maximum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" id="rule-overview-leaf-id34321" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-171":["3.5.8"],"NIST SP 800-53":["IA-5(1)(d)","IA-5(1).1(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.9"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000198"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000075-GPOS-00043"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020200"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234889r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.3"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0418","1055","1402"],"FBI CJIS":["5.6.2.1.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34321" onclick="return openRuleDetailsDialog('id34321')">Set Password Minimum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34322" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-53":["IA-5(f)","IA-5(1)(d)","CM-6(a)"],"https://public.cyber.mil/stigs/cci/":["CCI-000199"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000076-GPOS-00044"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020230"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234892r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34322" onclick="return openRuleDetailsDialog('id34322')">Set Existing Passwords Maximum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34323" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-53":["IA-5(1).1(v)"],"https://public.cyber.mil/stigs/cci/":["CCI-000198"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000075-GPOS-00043"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020210"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234890r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34323" onclick="return openRuleDetailsDialog('id34323')">Set Existing Passwords Minimum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Restrict Root Logins<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_root_logins");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_direct_root_logins" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_direct_root_logins" id="rule-overview-leaf-id34324" data-tt-parent-id="xccdf_org.ssgproject.content_group_root_logins" data-references='{"NIST SP 800-171":["3.1.1","3.1.6"],"NIST SP 800-53":["IA-2","CM-6(a)"],"ANSSI":["BP28(R19)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.5"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.2.3","CIP-004-6 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.2","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34324" onclick="return openRuleDetailsDialog('id34324')">Direct root Logins Not Allowed</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Secure Session Configuration Files for Login Accounts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-session");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_user_umask" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_user_umask" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session"><td colspan="3" style="padding-left: 76px">Ensure that Users Have Sensible Umask Values<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_user_umask");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs" id="rule-overview-leaf-id34325" data-tt-parent-id="xccdf_org.ssgproject.content_group_user_umask" data-references='{"NIST SP 800-53":["AC-6(1)","CM-6(a)"],"ANSSI":["BP28(R35)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00228"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040420"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-235030r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.5"],"https://www.cisecurity.org/controls/":["11","18","3","9"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03","BAI10.01","BAI10.02","BAI10.03","BAI10.05"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.1.1","A.14.2.1","A.14.2.2","A.14.2.3","A.14.2.4","A.14.2.5","A.6.1.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34325" onclick="return openRuleDetailsDialog('id34325')">Ensure the Default Umask is Set Correctly in login.defs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile" id="rule-overview-leaf-id34326" data-tt-parent-id="xccdf_org.ssgproject.content_group_user_umask" data-references='{"NIST SP 800-53":["AC-6(1)","CM-6(a)"],"ANSSI":["BP28(R35)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00228","SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.5"],"https://www.cisecurity.org/controls/":["18"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03"],"ISO 27001-2013":["A.14.1.1","A.14.2.1","A.14.2.5","A.6.1.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34326" onclick="return openRuleDetailsDialog('id34326')">Ensure the Default Umask is Set Correctly in /etc/profile</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs" id="rule-overview-leaf-id34327" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020110"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234880r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34327" onclick="return openRuleDetailsDialog('id34327')">Ensure Home Directories are Created for New Users</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_tmout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-overview-leaf-id34328" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["AC-12","SC-10","AC-2(5)","CM-6(a)"],"ANSSI":["BP28(R29)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000057","CCI-001133","CCI-002361"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000163-GPOS-00072","SRG-OS-000029-GPOS-00010"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010130"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234813r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.4"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.3","CIP-007-3 R5.1","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34328" onclick="return openRuleDetailsDialog('id34328')">Set Interactive Session Timeout</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_home_directories" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_home_directories" id="rule-overview-leaf-id34329" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040090"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234993r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["6.2.6"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34329" onclick="return openRuleDetailsDialog('id34329')">All Interactive User Home Directories Must Have mode 0750 Or Less Permissive</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">System Accounting with auditd<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_auditing");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditd_configure_rules" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px">Configure auditd Rules for Comprehensive Auditing<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_auditd_configure_rules");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_dac_actions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_dac_actions" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Events that Modify the System's Discretionary Access Controls<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_dac_actions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-overview-leaf-id34330" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234928r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34330" onclick="return openRuleDetailsDialog('id34330')">Record Events that Modify the System's Discretionary Access Controls - chmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-overview-leaf-id34331" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34331" onclick="return openRuleDetailsDialog('id34331')">Record Events that Modify the System's Discretionary Access Controls - chown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-overview-leaf-id34332" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234928r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34332" onclick="return openRuleDetailsDialog('id34332')">Record Events that Modify the System's Discretionary Access Controls - fchmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-overview-leaf-id34333" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234928r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34333" onclick="return openRuleDetailsDialog('id34333')">Record Events that Modify the System's Discretionary Access Controls - fchmodat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-overview-leaf-id34334" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34334" onclick="return openRuleDetailsDialog('id34334')">Record Events that Modify the System's Discretionary Access Controls - fchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-overview-leaf-id34335" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34335" onclick="return openRuleDetailsDialog('id34335')">Record Events that Modify the System's Discretionary Access Controls - fchownat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-overview-leaf-id34336" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000466-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34336" onclick="return openRuleDetailsDialog('id34336')">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-overview-leaf-id34337" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000466-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34337" onclick="return openRuleDetailsDialog('id34337')">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-overview-leaf-id34338" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34338" onclick="return openRuleDetailsDialog('id34338')">Record Events that Modify the System's Discretionary Access Controls - lchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-overview-leaf-id34339" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000466-GPOS-00210","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34339" onclick="return openRuleDetailsDialog('id34339')">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-overview-leaf-id34340" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000466-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34340" onclick="return openRuleDetailsDialog('id34340')">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-overview-leaf-id34341" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000466-GPOS-00210","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34341" onclick="return openRuleDetailsDialog('id34341')">Record Events that Modify the System's Discretionary Access Controls - removexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-overview-leaf-id34342" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000466-GPOS-00210","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34342" onclick="return openRuleDetailsDialog('id34342')">Record Events that Modify the System's Discretionary Access Controls - setxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount" id="rule-overview-leaf-id34343" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030360"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234935r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34343" onclick="return openRuleDetailsDialog('id34343')">Record Events that Modify the System's Discretionary Access Controls - umount</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2" id="rule-overview-leaf-id34344" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030360"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234935r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34344" onclick="return openRuleDetailsDialog('id34344')">Record Events that Modify the System's Discretionary Access Controls - umount2</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Execution Attempts to Run ACL Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_execution_acl_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl" id="rule-overview-leaf-id34345" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030440"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234943r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34345" onclick="return openRuleDetailsDialog('id34345')">Record Any Attempts to Run chacl</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod" id="rule-overview-leaf-id34346" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030420"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234941r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34346" onclick="return openRuleDetailsDialog('id34346')">Record Any Attempts to Run chmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl" id="rule-overview-leaf-id34347" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030430"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234942r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34347" onclick="return openRuleDetailsDialog('id34347')">Record Any Attempts to Run setfacl</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Execution Attempts to Run SELinux Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_execution_selinux_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-overview-leaf-id34348" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)AU-12.1(iv)","MA-4(1)(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030450"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234944r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34348" onclick="return openRuleDetailsDialog('id34348')">Record Any Attempts to Run chcon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_rm" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_rm" id="rule-overview-leaf-id34349" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030460"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234945r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34349" onclick="return openRuleDetailsDialog('id34349')">Record Any Attempts to Run rm</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record File Deletion Events by User<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_file_deletion_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-overview-leaf-id34350" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34350" onclick="return openRuleDetailsDialog('id34350')">Ensure auditd Collects File Deletion Events by User - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-overview-leaf-id34351" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34351" onclick="return openRuleDetailsDialog('id34351')">Ensure auditd Collects File Deletion Events by User - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-overview-leaf-id34352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34352" onclick="return openRuleDetailsDialog('id34352')">Ensure auditd Collects File Deletion Events by User - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-overview-leaf-id34353" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34353" onclick="return openRuleDetailsDialog('id34353')">Ensure auditd Collects File Deletion Events by User - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_file_modification" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_file_modification" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Unauthorized Access Attempts Events to Files (unsuccessful)<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_file_modification");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-overview-leaf-id34354" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34354" onclick="return openRuleDetailsDialog('id34354')">Record Unsuccessful Access Attempts to Files - creat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-overview-leaf-id34355" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34355" onclick="return openRuleDetailsDialog('id34355')">Record Unsuccessful Access Attempts to Files - ftruncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-overview-leaf-id34356" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34356" onclick="return openRuleDetailsDialog('id34356')">Record Unsuccessful Access Attempts to Files - open</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-overview-leaf-id34357" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34357" onclick="return openRuleDetailsDialog('id34357')">Record Unsuccessful Access Attempts to Files - open_by_handle_at</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-overview-leaf-id34358" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34358" onclick="return openRuleDetailsDialog('id34358')">Record Unsuccessful Access Attempts to Files - openat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-overview-leaf-id34359" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34359" onclick="return openRuleDetailsDialog('id34359')">Record Unsuccessful Delete Attempts to Files - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-overview-leaf-id34360" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34360" onclick="return openRuleDetailsDialog('id34360')">Record Unsuccessful Delete Attempts to Files - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2" id="rule-overview-leaf-id34361" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34361" onclick="return openRuleDetailsDialog('id34361')">Record Unsuccessful Delete Attempts to Files - renameat2</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-overview-leaf-id34362" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34362" onclick="return openRuleDetailsDialog('id34362')">Record Unsuccessful Access Attempts to Files - truncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-overview-leaf-id34363" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34363" onclick="return openRuleDetailsDialog('id34363')">Record Unsuccessful Delete Attempts to Files - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-overview-leaf-id34364" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34364" onclick="return openRuleDetailsDialog('id34364')">Record Unsuccessful Delete Attempts to Files - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Information on Kernel Modules Loading and Unloading<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_kernel_module_loading");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-overview-leaf-id34365" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030520"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234951r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34365" onclick="return openRuleDetailsDialog('id34365')">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" id="rule-overview-leaf-id34366" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030530"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234952r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34366" onclick="return openRuleDetailsDialog('id34366')">Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-overview-leaf-id34367" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030530"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234952r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34367" onclick="return openRuleDetailsDialog('id34367')">Ensure auditd Collects Information on Kernel Module Loading - init_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Attempts to Alter Logon and Logout Events<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_login_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-overview-leaf-id34368" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.7"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34368" onclick="return openRuleDetailsDialog('id34368')">Record Attempts to Alter Logon and Logout Events - faillock</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-overview-leaf-id34369" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000473-GPOS-00218","SRG-OS-000470-GPOS-00214"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030480"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234947r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.7"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34369" onclick="return openRuleDetailsDialog('id34369')">Record Attempts to Alter Logon and Logout Events - lastlog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-overview-leaf-id34370" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884","CCI-000126"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030470"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234946r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.7"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34370" onclick="return openRuleDetailsDialog('id34370')">Record Attempts to Alter Logon and Logout Events - tallylog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_privileged_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Information on the Use of Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_privileged_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-overview-leaf-id34371" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030120"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234911r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34371" onclick="return openRuleDetailsDialog('id34371')">Ensure auditd Collects Information on the Use of Privileged Commands - chage</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn" id="rule-overview-leaf-id34372" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-3","AU-12(a)","AU-12(c)","MA-4(1)(a)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030340"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234933r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34372" onclick="return openRuleDetailsDialog('id34372')">Ensure auditd Collects Information on the Use of Privileged Commands - chfn</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-overview-leaf-id34373" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030100"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234909r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34373" onclick="return openRuleDetailsDialog('id34373')">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-overview-leaf-id34374" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030130"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234912r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34374" onclick="return openRuleDetailsDialog('id34374')">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-overview-leaf-id34375" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030080"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234907r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34375" onclick="return openRuleDetailsDialog('id34375')">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod" id="rule-overview-leaf-id34376" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030380"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234937r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34376" onclick="return openRuleDetailsDialog('id34376')">Ensure auditd Collects Information on the Use of Privileged Commands - insmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod" id="rule-overview-leaf-id34377" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)AU-12(c)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030410"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234940r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34377" onclick="return openRuleDetailsDialog('id34377')">Ensure auditd Collects Information on the Use of Privileged Commands - kmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe" id="rule-overview-leaf-id34378" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030400"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234939r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34378" onclick="return openRuleDetailsDialog('id34378')">Ensure auditd Collects Information on the Use of Privileged Commands - modprobe</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-overview-leaf-id34379" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000135","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030090"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234908r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34379" onclick="return openRuleDetailsDialog('id34379')">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check" id="rule-overview-leaf-id34380" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030510"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234950r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34380" onclick="return openRuleDetailsDialog('id34380')">Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass" id="rule-overview-leaf-id34381" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030490"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234948r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34381" onclick="return openRuleDetailsDialog('id34381')">Ensure auditd Collects Information on the Use of Privileged Commands - passmass</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-overview-leaf-id34382" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030070"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234906r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34382" onclick="return openRuleDetailsDialog('id34382')">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod" id="rule-overview-leaf-id34383" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030390"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234938r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34383" onclick="return openRuleDetailsDialog('id34383')">Ensure auditd Collects Information on the Use of Privileged Commands - rmmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent" id="rule-overview-leaf-id34384" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030370"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234936r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34384" onclick="return openRuleDetailsDialog('id34384')">Record Any Attempts to Run ssh-agent</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-overview-leaf-id34385" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030060"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234905r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34385" onclick="return openRuleDetailsDialog('id34385')">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-overview-leaf-id34386" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000064-GPOS-0003","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030550"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234954r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34386" onclick="return openRuleDetailsDialog('id34386')">Ensure auditd Collects Information on the Use of Privileged Commands - su</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" id="rule-overview-leaf-id34387" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R19)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030560"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234955r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34387" onclick="return openRuleDetailsDialog('id34387')">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" id="rule-overview-leaf-id34388" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030330"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234932r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34388" onclick="return openRuleDetailsDialog('id34388')">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd" id="rule-overview-leaf-id34389" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-3","AU-3.1","AU-12(a)","AU-12(c)","AU-12.1(ii)","AU-12.1(iv)","AC-6(9)","CM-6(a)","MA-4(1)(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215","SRG-OS-000037-GPOS-00015"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030110"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234910r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34389" onclick="return openRuleDetailsDialog('id34389')">Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-overview-leaf-id34390" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-3","AU-3.1","AU-12(a)","AU-12(c)","AU-12.1(ii)","AU-12.1(iv)","AC-6(9)","CM-6(a)","MA-4(1)(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030110"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234910r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3","CIP-007-3 R6.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34390" onclick="return openRuleDetailsDialog('id34390')">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod" id="rule-overview-leaf-id34391" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030500"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234949r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34391" onclick="return openRuleDetailsDialog('id34391')">Ensure auditd Collects Information on the Use of Privileged Commands - usermod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_time_rules" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_time_rules" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Records Events that Modify Date and Time Information<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_time_rules");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex" id="rule-overview-leaf-id34392" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34392" onclick="return openRuleDetailsDialog('id34392')">Record attempts to alter time through adjtimex</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="rule-overview-leaf-id34393" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34393" onclick="return openRuleDetailsDialog('id34393')">Record Attempts to Alter Time Through clock_settime</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="rule-overview-leaf-id34394" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34394" onclick="return openRuleDetailsDialog('id34394')">Record attempts to alter time through settimeofday</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_stime" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_stime" id="rule-overview-leaf-id34395" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34395" onclick="return openRuleDetailsDialog('id34395')">Record Attempts to Alter Time Through stime</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime" id="rule-overview-leaf-id34396" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3","10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34396" onclick="return openRuleDetailsDialog('id34396')">Record Attempts to Alter the localtime File</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing" id="rule-overview-leaf-id34397" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["CM-6(b)","CM-6.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030820"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234981r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34397" onclick="return openRuleDetailsDialog('id34397')">Remove Default Configuration to Disable Syscall Auditing</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_immutable" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-overview-leaf-id34398" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.3.1","3.4.3"],"NIST SP 800-53":["AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","ID.SC-4","PR.AC-4","PR.DS-5","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000162","CCI-000163","CCI-000164"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000057-GPOS-00027","SRG-OS-000058-GPOS-00028","SRG-OS-000059-GPOS-00029"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.17"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.310(a)(2)(iv)","164.312(d)","164.310(d)(2)(iii)","164.312(b)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 5.2","SR 6.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.7.3","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO01.06","APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","BAI03.05","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","DSS06.02","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"PCI-DSS Requirement":["Req-10.5.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34398" onclick="return openRuleDetailsDialog('id34398')">Make the auditd Configuration Immutable</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-overview-leaf-id34399" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.6"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34399" onclick="return openRuleDetailsDialog('id34399')">Record Events that Modify the System's Mandatory Access Controls</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_media_export" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_media_export" id="rule-overview-leaf-id34400" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030350"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234934r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.12"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34400" onclick="return openRuleDetailsDialog('id34400')">Ensure auditd Collects Information on Exporting to Media (successful)</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification" id="rule-overview-leaf-id34401" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.5"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34401" onclick="return openRuleDetailsDialog('id34401')">Record Events that Modify the System's Network Environment</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-overview-leaf-id34402" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.8"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0582","0584","05885","0586","0846","0957"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34402" onclick="return openRuleDetailsDialog('id34402')">Record Attempts to Alter Process and Session Initiation Information</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp" id="rule-overview-leaf-id34403" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000472-GPOS-00217"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030780"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234977r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34403" onclick="return openRuleDetailsDialog('id34403')">Record Attempts to Alter Process and Session Initiation Information btmp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp" id="rule-overview-leaf-id34404" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000472-GPOS-00217"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030760"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234975r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34404" onclick="return openRuleDetailsDialog('id34404')">Record Attempts to Alter Process and Session Initiation Information utmp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp" id="rule-overview-leaf-id34405" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000472-GPOS-00217"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030770"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234976r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34405" onclick="return openRuleDetailsDialog('id34405')">Record Attempts to Alter Process and Session Initiation Information wtmp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function" id="rule-overview-leaf-id34406" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["CM-5(1)","AU-7(a)","AU-7(b)","AU-8(b)","AU-12(3)","AC-6(9)"],"https://public.cyber.mil/stigs/cci/":["CCI-001814","CCI-001882","CCI-001889","CCI-001880","CCI-001881","CCI-001878","CCI-001879","CCI-001875","CCI-001877","CCI-001914","CCI-002233","CCI-002234"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000343-CTR-000780","SRG-APP-000381-CTR-000905"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000326-GPOS-00126","SRG-OS-000327-GPOS-00127"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030640"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234963r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34406" onclick="return openRuleDetailsDialog('id34406')">Record Events When Privileged Executables Are Run</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-overview-leaf-id34407" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5","10.2.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000026-CTR-000070","SRG-APP-000027-CTR-000075","SRG-APP-000028-CTR-000080","SRG-APP-000291-CTR-000675","SRG-APP-000292-CTR-000680","SRG-APP-000293-CTR-000685","SRG-APP-000294-CTR-000690","SRG-APP-000319-CTR-000745","SRG-APP-000320-CTR-000750","SRG-APP-000509-CTR-001305"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000304-GPOS-00121","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030140"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234913r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.14","4.1.15"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.2","Req-10.2.5.b"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34407" onclick="return openRuleDetailsDialog('id34407')">Ensure auditd Collects System Administrator Actions</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-overview-leaf-id34408" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030010"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234900r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34408" onclick="return openRuleDetailsDialog('id34408')">Record Events that Modify User/Group Information - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-overview-leaf-id34409" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234903r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34409" onclick="return openRuleDetailsDialog('id34409')">Record Events that Modify User/Group Information - /etc/gshadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-overview-leaf-id34410" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4).1(i&amp;ii)","AU-12.1(iv)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030030"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234902r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34410" onclick="return openRuleDetailsDialog('id34410')">Record Events that Modify User/Group Information - /etc/security/opasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-overview-leaf-id34411" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000304-GPOS-00121","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221","SRG-OS-000274-GPOS-00104","SRG-OS-000275-GPOS-00105","SRG-OS-000276-GPOS-00106","SRG-OS-000277-GPOS-00107"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030000"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234899r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34411" onclick="return openRuleDetailsDialog('id34411')">Record Events that Modify User/Group Information - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-overview-leaf-id34412" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030020"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234901r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34412" onclick="return openRuleDetailsDialog('id34412')">Record Events that Modify User/Group Information - /etc/shadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px">Configure auditd Data Retention<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_configure_auditd_data_retention");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-overview-leaf-id34413" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-9(3)","CM-6(a)"],"https://public.cyber.mil/stigs/cci/":["CCI-001851"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000342-GPOS-00133","SRG-OS-000479-GPOS-00224"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030680"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234967r622137_rule"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34413" onclick="return openRuleDetailsDialog('id34413')">Encrypt Audit Records Sent With audispd Plugin</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action" id="rule-overview-leaf-id34414" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000140"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000047-GPOS-00023"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030590"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234958r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34414" onclick="return openRuleDetailsDialog('id34414')">Configure auditd Disk Full Action when Disk Space Is Full</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action" id="rule-overview-leaf-id34415" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000140","CCI-001343","CCI-001855"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000343-GPOS-00134"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.2.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.312(a)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34415" onclick="return openRuleDetailsDialog('id34415')">Configure auditd admin_space_left Action on Low Disk Space</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action" id="rule-overview-leaf-id34416" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000140"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000047-GPOS-00023"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.2.2"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.312(a)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34416" onclick="return openRuleDetailsDialog('id34416')">Configure auditd max_log_file_action Upon Reaching Maximum Log Size</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left" id="rule-overview-leaf-id34417" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001855"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000343-GPOS-00134"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030700"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234969r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34417" onclick="return openRuleDetailsDialog('id34417')">Configure auditd space_left on Low Disk Space</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action" id="rule-overview-leaf-id34418" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001855"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000343-GPOS-00134"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.2.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.312(a)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34418" onclick="return openRuleDetailsDialog('id34418')">Configure auditd space_left Action on Low Disk Space</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_logging" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Configure Syslog<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_logging");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_journald" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_journald" data-tt-parent-id="xccdf_org.ssgproject.content_group_logging"><td colspan="3" style="padding-left: 57px">systemd-journald<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_journald");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_journald_compress" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_journald_compress" id="rule-overview-leaf-id34419" data-tt-parent-id="xccdf_org.ssgproject.content_group_journald" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["4.2.2.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34419" onclick="return openRuleDetailsDialog('id34419')">Ensure journald is configured to compress large log files</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_journald_storage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_journald_storage" id="rule-overview-leaf-id34420" data-tt-parent-id="xccdf_org.ssgproject.content_group_journald" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["4.2.2.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34420" onclick="return openRuleDetailsDialog('id34420')">Ensure journald is configured to write log files to persistent disk</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Network Configuration and Firewalls<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_network");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network-uncommon" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network-uncommon" data-tt-parent-id="xccdf_org.ssgproject.content_group_network"><td colspan="3" style="padding-left: 57px">Uncommon Network Protocols<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_network-uncommon");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled" id="rule-overview-leaf-id34421" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-uncommon" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["1.4.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://public.cyber.mil/stigs/cci/":["CCI-001958"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000096-GPOS-00050","SRG-OS-000378-GPOS-00163"],"https://www.cisecurity.org/benchmark/suse_linux/":["3.4.1"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"FBI CJIS":["5.10.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"],"PCI-DSS Requirement":["Req-1.4.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34421" onclick="return openRuleDetailsDialog('id34421')">Disable DCCP Support</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" id="rule-overview-leaf-id34422" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-uncommon" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["1.4.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://public.cyber.mil/stigs/cci/":["CCI-000381","CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000095-GPOS-00049","SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["3.4.2"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"FBI CJIS":["5.10.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"],"PCI-DSS Requirement":["Req-1.4.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34422" onclick="return openRuleDetailsDialog('id34422')">Disable SCTP Support</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">File Permissions and Masks<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_permissions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_files" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_files" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Verify Permissions on Important Files and
>Directories<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_files");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions_important_account_files" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions_important_account_files" data-tt-parent-id="xccdf_org.ssgproject.content_group_files"><td colspan="3" style="padding-left: 76px">Verify Permissions on Files with Local Account Information and Credentials<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_permissions_important_account_files");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_etc_security_opasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_etc_security_opasswd" id="rule-overview-leaf-id34423" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions_important_account_files" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000200"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000077-GPOS-00045"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020240"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234893r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34423" onclick="return openRuleDetailsDialog('id34423')">Verify Permissions and Ownership of Old Passwords File</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" id="rule-overview-leaf-id34424" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions_important_account_files" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"ANSSI":["BP28(R36)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["7.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/cci/":["CCI-002223"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["6.1.3"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"FBI CJIS":["5.5.2.2"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"],"PCI-DSS Requirement":["Req-8.7.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34424" onclick="return openRuleDetailsDialog('id34424')">Verify Permissions on shadow File</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions_within_important_dirs" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions_within_important_dirs" data-tt-parent-id="xccdf_org.ssgproject.content_group_files"><td colspan="3" style="padding-left: 76px">Verify File Permissions Within Some Important Directories<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_permissions_within_important_dirs");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs" id="rule-overview-leaf-id34425" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions_within_important_dirs" data-references='{"NIST SP 800-53":["CM-5(6)","CM-5(6).1"],"https://public.cyber.mil/stigs/cci/":["CCI-001499"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000259-GPOS-00100"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010361"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234844r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34425" onclick="return openRuleDetailsDialog('id34425')">Verify that system commands files are group owned by root or a system account</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_mounting" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_mounting" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Restrict Dynamic Mounting and Unmounting of
>Filesystems<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_mounting");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled" id="rule-overview-leaf-id34426" data-tt-parent-id="xccdf_org.ssgproject.content_group_mounting" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.1.1.1"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34426" onclick="return openRuleDetailsDialog('id34426')">Disable Mounting of squashfs</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled" id="rule-overview-leaf-id34427" data-tt-parent-id="xccdf_org.ssgproject.content_group_mounting" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.1.1.2"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34427" onclick="return openRuleDetailsDialog('id34427')">Disable Mounting of udf</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled" id="rule-overview-leaf-id34428" data-tt-parent-id="xccdf_org.ssgproject.content_group_mounting" data-references='{"NIST SP 800-171":["3.1.21"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)","MP-7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-3","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000366","CCI-000778","CCI-001958"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000114-GPOS-00059","SRG-OS-000378-GPOS-00163","SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010480"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234856r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.1.23"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"HIPAA":["164.308(a)(3)(i)","164.308(a)(3)(ii)(A)","164.310(d)(1)","164.310(d)(2)","164.312(a)(1)","164.312(a)(2)(iv)","164.312(b)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["APO13.01","DSS01.04","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.11.2.6","A.13.1.1","A.13.2.1","A.18.1.4","A.6.2.1","A.6.2.2","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34428" onclick="return openRuleDetailsDialog('id34428')">Disable Modprobe Loading of USB Storage Driver</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Restrict Programs from Dangerous Execution Patterns<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_restrictions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_coredumps" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_coredumps" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions"><td colspan="3" style="padding-left: 76px">Disable Core Dumps<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_coredumps");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_users_coredumps" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_users_coredumps" id="rule-overview-leaf-id34429" data-tt-parent-id="xccdf_org.ssgproject.content_group_coredumps" data-references='{"NIST SP 800-53":["CM-6","SC-7(10)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["3.3.1.1","3.3.1.2","3.3.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","PR.DS-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.6.1"],"https://www.cisecurity.org/controls/":["1","12","13","15","16","2","7","8"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 6.2","SR 7.1","SR 7.2"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI04.04","DSS01.03","DSS03.05","DSS05.07"],"ISO 27001-2013":["A.12.1.3","A.17.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34429" onclick="return openRuleDetailsDialog('id34429')">Disable Core Dumps for All Users</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_services" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_services" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_SLE-15"><td colspan="3" style="padding-left: 19px"><strong>Services</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_cron_and_at" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_cron_and_at" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Cron and At Daemons<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_cron_and_at");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_d" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_d" id="rule-overview-leaf-id34430" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.7"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34430" onclick="return openRuleDetailsDialog('id34430')">Verify Permissions on cron.d</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_daily" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_daily" id="rule-overview-leaf-id34431" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.4"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34431" onclick="return openRuleDetailsDialog('id34431')">Verify Permissions on cron.daily</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly" id="rule-overview-leaf-id34432" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.3"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34432" onclick="return openRuleDetailsDialog('id34432')">Verify Permissions on cron.hourly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly" id="rule-overview-leaf-id34433" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.6"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34433" onclick="return openRuleDetailsDialog('id34433')">Verify Permissions on cron.monthly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly" id="rule-overview-leaf-id34434" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.5"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34434" onclick="return openRuleDetailsDialog('id34434')">Verify Permissions on cron.weekly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ntp" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ntp" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Network Time Protocol<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ntp");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user" id="rule-overview-leaf-id34435" data-tt-parent-id="xccdf_org.ssgproject.content_group_ntp" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["2.2.1.3"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34435" onclick="return openRuleDetailsDialog('id34435')">Ensure that chronyd is running under chrony user account</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px"><strong>SSH Server</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh_server" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh_server" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh"><td colspan="3" style="padding-left: 57px"><strong>Configure OpenSSH Server if Necessary</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0" id="rule-overview-leaf-id34436" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["AC-2(5)","AC-12","AC-17(a)","SC-10","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.2.8"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000879","CCI-001133","CCI-002361"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000126-GPOS-00066","SRG-OS-000163-GPOS-00072","SRG-OS-000279-GPOS-00109"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010320"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234830r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","18","3","5","7","8"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03","DSS01.03","DSS03.05","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.12.4.1","A.12.4.3","A.14.1.1","A.14.2.1","A.14.2.5","A.18.1.4","A.6.1.2","A.6.1.5","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.3","CIP-007-3 R5.1","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34436" onclick="return openRuleDetailsDialog('id34436')">Set SSH Client Alive Count Max to zero</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" id="rule-overview-leaf-id34437" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["CM-6(a)","AC-17(a)","AC-2(5)","AC-12","AC-17(a)","SC-10","CM-6(a)"],"ANSSI":["BP28(R29)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.2.8"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000879","CCI-001133","CCI-002361"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000126-GPOS-00066","SRG-OS-000163-GPOS-00072","SRG-OS-000279-GPOS-00109","SRG-OS-000395-GPOS-00175"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010280"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234827r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.16"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","18","3","5","7","8"],"FBI CJIS":["5.5.6"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03","DSS01.03","DSS03.05","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.12.4.1","A.12.4.3","A.14.1.1","A.14.2.1","A.14.2.5","A.18.1.4","A.6.1.2","A.6.1.5","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.3","CIP-007-3 R5.1","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34437" onclick="return openRuleDetailsDialog('id34437')">Set SSH Client Alive Interval</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34438" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-6(2)","AC-17(a)","IA-2","IA-2(5)","CM-7(a)","CM-7(b)","CM-6(a)"],"ANSSI":["BP28(R19)","NT007(R21)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.DS-5","PR.PT-3"],"https://public.cyber.mil/stigs/cci/":["CCI-000366","CCI-000770"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000148-CTR-000335","SRG-APP-000190-CTR-000500"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000109-GPOS-00056","SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234870r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","3","5"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.02","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.02","DSS06.03","DSS06.06","DSS06.10"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.18.1.4","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.2.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1"],"PCI-DSS Requirement":["Req-2.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34438" onclick="return openRuleDetailsDialog('id34438')">Disable SSH Root Login</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34439" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.20"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34439" onclick="return openRuleDetailsDialog('id34439')">Disable SSH TCP Forwarding</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-overview-leaf-id34440" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["AC-17(a)","CM-7(a)","CM-7(b)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040230"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-235007r622137_rule"],"https://www.cisecurity.org/controls/":["11","3","9"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_UAU.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34440" onclick="return openRuleDetailsDialog('id34440')">Disable SSH Support for User Known Hosts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding" id="rule-overview-leaf-id34441" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-53":["CM-6.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.4"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-235013r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.6"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34441" onclick="return openRuleDetailsDialog('id34441')">Disable X11 Forwarding</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-overview-leaf-id34442" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(c)","AC-17(a)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000048","CCI-000050","CCI-001384","CCI-001385","CCI-001386","CCI-001387","CCI-001388"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000023-GPOS-00006","SRG-OS-000228-GPOS-00088"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234805r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.18"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FTA_TAB.1"],"PCI-DSS Requirement":["Req-2.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34442" onclick="return openRuleDetailsDialog('id34442')">Enable SSH Warning Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time" id="rule-overview-leaf-id34443" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.17"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34443" onclick="return openRuleDetailsDialog('id34443')">Ensure SSH LoginGraceTime is configured</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose" id="rule-overview-leaf-id34444" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-53":["AC-17(a)","AC-17(1)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000067"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000032-GPOS-00013"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234815r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-007-3 R7.1"],"PCI-DSS Requirement":["Req-2.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34444" onclick="return openRuleDetailsDialog('id34444')">Set SSH Daemon LogLevel to VERBOSE</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries" id="rule-overview-leaf-id34445" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.7"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0421","0422","0431","0974","1173","1401","1504","1505","1546","1557","1558","1559","1560","1561"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34445" onclick="return openRuleDetailsDialog('id34445')">Set SSH authentication attempt limit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_max_sessions" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_max_sessions" id="rule-overview-leaf-id34446" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.22"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34446" onclick="return openRuleDetailsDialog('id34446')">Set SSH MaxSessions limit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_maxstartups" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_maxstartups" id="rule-overview-leaf-id34447" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.21"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34447" onclick="return openRuleDetailsDialog('id34447')">Ensure SSH MaxStartups is configured</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers" id="rule-overview-leaf-id34448" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.13","3.13.11","3.13.8"],"NIST SP 800-53":["CM-6(a)","AC-17(a)","AC-17(2)","SC-13","MA-4(6)","IA-5(1)(c)","SC-12(2)","SC-12(3)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.AC-7","PR.IP-1","PR.PT-1","PR.PT-3","PR.PT-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000366","CCI-000803","CCI-000877","CCI-002890","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000033-GPOS-00014","SRG-OS-000120-GPOS-00061","SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000393-GPOS-00173","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010160"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234816r744125_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.13"],"https://www.cisecurity.org/controls/":["1","11","12","14","15","16","18","3","5","6","8","9"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(b)(1)","164.308(b)(2)","164.312(e)(1)","164.312(e)(2)(i)","164.312(e)(2)(ii)","164.314(b)(2)(i)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO13.01","BAI03.05","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.04","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.06","DSS06.10","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.1.2","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.5.1","A.12.6.2","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.18.1.4","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34448" onclick="return openRuleDetailsDialog('id34448')">Use Only FIPS 140-2 Validated Ciphers</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig" id="rule-overview-leaf-id34449" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000366","CCI-000803","CCI-000877","CCI-002890","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000033-GPOS-00014","SRG-OS-000120-GPOS-00061","SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000393-GPOS-00173","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010160"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234816r744125_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34449" onclick="return openRuleDetailsDialog('id34449')">Use Only FIPS 140-2 Validated Ciphers</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_macs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs" id="rule-overview-leaf-id34450" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.13","3.13.11","3.13.8"],"NIST SP 800-53":["CM-6(a)","AC-17(a)","AC-17(2)","SC-13","MA-4(6)","SC-12(2)","SC-12(3)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-3","PR.DS-5","PR.PT-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000803","CCI-000877","CCI-001453","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010270"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234826r744126_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.14"],"https://www.cisecurity.org/controls/":["1","12","13","15","16","5","8"],"HIPAA":["164.308(b)(1)","164.308(b)(2)","164.312(e)(1)","164.312(e)(2)(i)","164.312(e)(2)(ii)","164.314(b)(2)(i)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.6","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.6.6"],"https://www.isaca.org/resources/cobit":["APO01.06","APO13.01","DSS01.04","DSS05.02","DSS05.03","DSS05.04","DSS05.07","DSS06.02","DSS06.03"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.11.2.6","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34450" onclick="return openRuleDetailsDialog('id34450')">Use Only FIPS 140-2 Validated MACs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig" id="rule-overview-leaf-id34451" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000803","CCI-000877","CCI-001453","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010270"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234826r744126_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34451" onclick="return openRuleDetailsDialog('id34451')">Use Only FIPS 140-2 Validated MACs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_sshd_config" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_sshd_config" id="rule-overview-leaf-id34452" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh" data-references='{"NIST SP 800-53":["AC-17(a)","CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.1"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34452" onclick="return openRuleDetailsDialog('id34452')">Verify Permissions on SSH Server config file</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr></tbody></table></div><div class="js-only hidden-print"><button type="button" class="btn btn-info" onclick="return toggleResultDetails(this)">Show all result details</button></div><div id="result-details"><h2>Result Details</h2><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_check_audit_tools" id="rule-detail-id34292"><div class="keywords sr-only">Configure AIDE to Verify the Audit Toolsxccdf_org.ssgproject.content_rule_aide_check_audit_tools mediumCCE-85610-4 </div><div class="panel-heading"><h3 class="panel-title">Configure AIDE to Verify the Audit Tools</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_check_audit_tools</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_check_audit_tools:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85610-4">CCE-85610-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-001496</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9(3).1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000278-GPOS-00108</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030630</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234962r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The operating system file integrity tool must be configured to protect the integrity of the audit tools.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Protecting the integrity of the tools used for auditing purposes is a
>critical step toward ensuring the integrity of audit information. Audit
>information includes all information (e.g., audit records, audit settings,
>and audit reports) needed to successfully audit information system
>activity.
>
>Audit tools include but are not limited to vendor-provided and open-source
>audit tools needed to successfully view and manipulate audit information
>system activity and records. Audit tools include custom queries and report
>generators.
>
>It is not uncommon for attackers to replace the audit tools or inject code
>into the existing tools to provide the capability to hide or erase system
>activity from the audit logs.
>
>To address this risk, audit tools must be cryptographically signed to
>provide the capability to identify when the audit tools have been modified,
>manipulated, or replaced. An example is a checksum hash of the file or
>files.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">auditctl is checked in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/auditctl p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">auditd is checked in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_auditd:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/auditd p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">ausearch is checked in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_ausearch:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/ausearch p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">aureport is checked in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_aureport:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/aureport p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">autrace is checked in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_autrace:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/autrace p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">audispd is checked in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_audispd:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/audispd p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">augenrules is checked in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/augenrules p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" id="rule-detail-id34293"><div class="keywords sr-only">Configure Periodic Execution of AIDExccdf_org.ssgproject.content_rule_aide_periodic_cron_checking mediumCCE-85671-6 </div><div class="panel-heading"><h3 class="panel-title">Configure Periodic Execution of AIDE</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_periodic_cron_checking:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85671-6">CCE-85671-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R51)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1.3</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI02.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS04.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001744</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002699</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002702</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-6(d)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-3</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-11.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">11.5.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000363-GPOS-00150</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000446-GPOS-00200</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000447-GPOS-00201</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010420</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.4.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234851r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, AIDE should be configured to run a weekly scan.
>To implement a daily execution of AIDE at 4:05am using cron, add the following line to <code>/etc/crontab</code>:
><pre>05 4 * * * root /usr/bin/aide --check</pre>
>To implement a weekly execution of AIDE at 4:05am using cron, add the following line to <code>/etc/crontab</code>:
><pre>05 4 * * 0 root /usr/bin/aide --check</pre>
>AIDE can be executed periodically through other means; this is merely one example.
>The usage of cron's special time codes, such as  <code>@daily</code> and
><code>@weekly</code> is acceptable.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">By default, AIDE does not install itself for periodic execution. Periodically
>running AIDE is necessary to reveal unexpected changes in installed files.
><br><br>
>Unauthorized changes to the baseline configuration could make the system vulnerable
>to various attacks or allow unauthorized access to the operating system. Changes to
>operating system configurations can have unintended side effects, some of which may
>be relevant to security.
><br><br>
>Detecting such changes and providing an automated response can help avoid unintended,
>negative consequences that could ultimately affect the security state of the operating
>system. The operating system's Information Management Officer (IMO)/Information System
>Security Officer (ISSO) and System Administrators (SAs) must be notified via email and/or
>monitoring system trap when there is an unauthorized modification of a configuration item.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_periodic_cron_checking:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/crontab</td><td>05 4 * * * root /usr/bin/aide --check</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_crond_checking:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="run aide with cron">oval:ssg-object_test_aide_crond_checking:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/cron.d</td><td>^.*$</td><td>^(([0-9]*[\s]*[0-9]*[\s]*\*[\s]*\*[\s]*(\*|([0-7]|mon|tue|wed|thu|fri|sat|sun)|[0-7]-[0-7]))|@(hourly|daily|weekly))[\s]*root[\s]*\/usr\/bin\/aide[\s]*\-\-check.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_var_cron_checking:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="run aide with cron">oval:ssg-object_aide_var_cron_checking:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/var/spool/cron/root</td><td>^(([0-9]*[\s]*[0-9]*[\s]*\*[\s]*\*[\s]*(\*|([0-7]|mon|tue|wed|thu|fri|sat|sun)|[0-7]-[0-7]))|@(hourly|daily|weekly))[\s]*(root)?[\s]*\/usr\/bin\/aide[\s]*\-\-check.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron.(daily|weekly)</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_crontabs_checking:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="run aide with cron.(daily|weekly)">oval:ssg-object_aide_crontabs_checking:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^/etc/cron.(daily|weekly)$</td><td>^.*$</td><td>^[^#]*\/usr\/bin\/aide\s+\-\-check\s*$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_verify_acls" id="rule-detail-id34294"><div class="keywords sr-only">Configure AIDE to Verify Access Control Lists (ACLs)xccdf_org.ssgproject.content_rule_aide_verify_acls lowCCE-85623-7 </div><div class="panel-heading"><h3 class="panel-title">Configure AIDE to Verify Access Control Lists (ACLs)</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_verify_acls</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_verify_acls:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85623-7">CCE-85623-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R51)</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040040</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234986r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, the <code>acl</code> option is added to the <code>FIPSR</code> ruleset in AIDE.
>If using a custom ruleset or the <code>acl</code> option is missing, add <code>acl</code>
>to the appropriate ruleset.
>For example, add <code>acl</code> to the following line in <code>/etc/aide.conf</code>:
><pre>FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256</pre>
>AIDE rules can be configured in multiple ways; this is merely one example that is already
>configured by default.
>
>The remediation provided with this rule adds <code>acl</code> to all rule sets available in
><code>/etc/aide.conf</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">ACLs can provide permissions beyond those permitted through the file mode and must be
>verified by the file integrity tools.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">acl is set in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_acls:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>Logs = p+i+n+u+g+S+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Databases = p+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>StaticDir = p+i+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Devices = p+i+n+u+g+s+b+c+sha256+sha512+acl+xattrs</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" id="rule-detail-id34295"><div class="keywords sr-only">Configure AIDE to Verify Extended Attributesxccdf_org.ssgproject.content_rule_aide_verify_ext_attributes lowCCE-85624-5 </div><div class="panel-heading"><h3 class="panel-title">Configure AIDE to Verify Extended Attributes</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_verify_ext_attributes:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85624-5">CCE-85624-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R51)</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040050</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234987r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, the <code>xattrs</code> option is added to the <code>FIPSR</code> ruleset in AIDE.
>If using a custom ruleset or the <code>xattrs</code> option is missing, add <code>xattrs</code>
>to the appropriate ruleset.
>For example, add <code>xattrs</code> to the following line in <code>/etc/aide.conf</code>:
><pre>FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256</pre>
>AIDE rules can be configured in multiple ways; this is merely one example that is already
>configured by default.
>
>The remediation provided with this rule adds <code>xattrs</code> to all rule sets available in
><code>/etc/aide.conf</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Extended attributes in file systems are used to contain arbitrary data and file metadata
>with security implications.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">xattrs is set in /etc/aide.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_aide_verify_ext_attributes:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>Logs = p+i+n+u+g+S+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Databases = p+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>StaticDir = p+i+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Devices = p+i+n+u+g+s+b+c+sha256+sha512+acl+xattrs</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sudo_add_use_pty" id="rule-detail-id34296"><div class="keywords sr-only">Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_ptyxccdf_org.ssgproject.content_rule_sudo_add_use_pty mediumCCE-91190-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sudo_add_use_pty</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sudo_add_use_pty:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91190-9">CCE-91190-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R58)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.3.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The sudo <code>use_pty</code> tag, when specified, will only execute sudo
>commands from users logged in to a real tty.
>This should be enabled by making sure that the <code>use_pty</code> tag exists in
><code>/etc/sudoers</code> configuration file or any sudo configuration snippets
>in <code>/etc/sudoers.d/</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring that sudo commands be run in a pseudo-terminal can prevent an attacker from retaining
>access to the user's terminal after the main program has finished executing.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">use_pty exists in /etc/sudoers or /etc/sudoers.d/</span>Â 
>        <span class="label label-default">oval:ssg-test_use_pty_sudoers:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/sudoers</td><td>Defaults use_pty</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sudo_custom_logfile" id="rule-detail-id34297"><div class="keywords sr-only">Ensure Sudo Logfile Exists - sudo logfilexccdf_org.ssgproject.content_rule_sudo_custom_logfile lowCCE-91311-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure Sudo Logfile Exists - sudo logfile</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sudo_custom_logfile</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sudo_custom_logfile:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91311-1">CCE-91311-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.3.3</a></p></td></tr><tr><td>Description</td><td><div class="description">A custom log sudo file can be configured with the 'logfile' tag. This rule configures
>a sudo custom logfile at the default location suggested by CIS, which uses
>/var/log/sudo.log.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">A sudo log file simplifies auditing of sudo commands.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">logfile exists in /etc/sudoers or /etc/sudoers.d/</span>Â 
>        <span class="label label-default">oval:ssg-test_logfile_sudoers:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/sudoers</td><td>Defaults logfile=/var/log/sudo.log</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-detail-id34298"><div class="keywords sr-only">Ensure gpgcheck Enabled In Main zypper Configurationxccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated highCCE-83290-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled In Main zypper Configuration</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-ensure_gpgcheck_globally_activated:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83290-7">CCE-83290-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R15)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SA-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SA-12(10)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-11(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-11(b)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FPT_TUD_EXT.1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FPT_TUD_EXT.2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-6.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">6.3.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000366-GPOS-00153</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010430</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.2.3</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234852r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>gpgcheck</code> option controls whether
>RPM packages' signatures are always checked prior to installation.
>To configure zypper to check package signatures before installing
>them, ensure the following line appears in <code>/etc/zypp/zypp.conf</code> in
>the <code>[main]</code> section:
><pre>gpgcheck=1</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Changes to any software components can have significant effects on the
>overall security of the operating system. This requirement ensures the
>software has not been tampered with and that it has been provided by a
>trusted vendor.
><br>
>Accordingly, patches, service packs, device drivers, or operating system
>components must be signed with a certificate recognized and approved by the
>organization.
><br>Verifying the authenticity of the software prior to installation
>validates the integrity of the patch or upgrade received from a vendor.
>This ensures the software has not been tampered with and that it has been
>provided by a trusted vendor. Self-signed certificates are disallowed by
>this requirement. Certificates used to verify the software must be from an
>approved Certificate Authority (CA).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check value of gpgcheck in /etc/zypp/zypp.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_ensure_gpgcheck_globally_activated:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/zypp/zypp.conf</td><td>gpgcheck = 1
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-detail-id34299"><div class="keywords sr-only">Modify the System Login Bannerxccdf_org.ssgproject.content_rule_banner_etc_issue mediumCCE-83262-6 </div><div class="panel-heading"><h3 class="panel-title">Modify the System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_banner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-banner_etc_issue:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83262-6">CCE-83262-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000048</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000050</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001384</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001385</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001386</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001387</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001388</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000023-GPOS-00006</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000228-GPOS-00088</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010020</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234803r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To configure the system login banner edit <code>/etc/issue</code>. Replace the
>default text with a message compliant with the local site policy or a legal
>disclaimer.
>
>
>The DoD required text is either:
><br><br>
><code>You are accessing a U.S. Government (USG) Information System (IS) that
>is provided for USG-authorized use only. By using this IS (which includes
>any device attached to this IS), you consent to the following conditions:
><br>-The USG routinely intercepts and monitors communications on this IS
>for purposes including, but not limited to, penetration testing, COMSEC
>monitoring, network operations and defense, personnel misconduct (PM), law
>enforcement (LE), and counterintelligence (CI) investigations.
><br>-At any time, the USG may inspect and seize data stored on this IS.
><br>-Communications using, or data stored on, this IS are not private,
>are subject to routine monitoring, interception, and search, and may be
>disclosed or used for any USG-authorized purpose.
><br>-This IS includes security measures (e.g., authentication and access
>controls) to protect USG interests -- not for your personal benefit or
>privacy.
><br>-Notwithstanding the above, using this IS does not constitute consent
>to PM, LE or CI investigative searching or monitoring of the content of
>privileged communications, or work product, related to personal
>representation or services by attorneys, psychotherapists, or clergy, and
>their assistants. Such communications and work product are private and
>confidential. See User Agreement for details.</code>
><br><br>
>OR:
><br><br>
><code>I've read &amp; consent to terms in IS user agreem't.</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
>access to the operating system ensures privacy and security notification
>verbiage used is consistent with applicable federal laws, Executive Orders,
>directives, policies, regulations, standards, and guidance.
><br><br>
>System use notifications are required only for access via login interfaces
>with human users and are not required when such human interfaces do not
>exist.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">correct banner in /etc/issue</span>Â 
>        <span class="label label-default">oval:ssg-test_banner_etc_issue:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/issue.d/99-oscap-setting</td><td>Authorized uses only. All activity may be monitored and reported.
></td></tr><tr><td>/etc/issue.d/80-hostinfo-00-space</td><td>
></td></tr><tr><td>/etc/issue.d/00-OS</td><td>
></td></tr><tr><td>/etc/issue.d/90-OS</td><td>
></td></tr><tr><td>/etc/issue</td><td>
>
>Welcome to SUSE Linux Enterprise Server 15 SP5  (x86_64) - Kernel \r (\l).
>
>eth0: \4{eth0} \6{eth0}
>
>Current As Of:            Tue Oct 10 09:40:42 2023
>Network Interfaces
> eth0:                    (Unconfigured)
>
>
>
>Authorized uses only. All activity may be monitored and reported.
></td></tr><tr><td>/etc/issue.d/80-hostinfo-02-date</td><td>Current As Of:            Tue Oct 10 09:40:42 2023
></td></tr><tr><td>/etc/issue.d/80-hostinfo-06-network</td><td>Network Interfaces
> eth0:                    (Unconfigured)
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_banner_etc_motd" id="rule-detail-id34300"><div class="keywords sr-only">Modify the System Message of the Day Bannerxccdf_org.ssgproject.content_rule_banner_etc_motd mediumCCE-91349-1 </div><div class="panel-heading"><h3 class="panel-title">Modify the System Message of the Day Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_banner_etc_motd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-banner_etc_motd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91349-1">CCE-91349-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.1</a></p></td></tr><tr><td>Description</td><td><div class="description">To configure the system message banner edit <code>/etc/motd</code>. Replace the
>default text with a message compliant with the local site policy or a legal
>disclaimer.
>
>The DoD required text is either:
><br><br>
><code>You are accessing a U.S. Government (USG) Information System (IS) that
>is provided for USG-authorized use only. By using this IS (which includes
>any device attached to this IS), you consent to the following conditions:
><br>-The USG routinely intercepts and monitors communications on this IS
>for purposes including, but not limited to, penetration testing, COMSEC
>monitoring, network operations and defense, personnel misconduct (PM), law
>enforcement (LE), and counterintelligence (CI) investigations.
><br>-At any time, the USG may inspect and seize data stored on this IS.
><br>-Communications using, or data stored on, this IS are not private,
>are subject to routine monitoring, interception, and search, and may be
>disclosed or used for any USG-authorized purpose.
><br>-This IS includes security measures (e.g., authentication and access
>controls) to protect USG interests -- not for your personal benefit or
>privacy.
><br>-Notwithstanding the above, using this IS does not constitute consent
>to PM, LE or CI investigative searching or monitoring of the content of
>privileged communications, or work product, related to personal
>representation or services by attorneys, psychotherapists, or clergy, and
>their assistants. Such communications and work product are private and
>confidential. See User Agreement for details.</code>
><br><br>
>OR:
><br><br>
><code>I've read &amp; consent to terms in IS user agreem't.</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
>access to the operating system ensures privacy and security notification
>verbiage used is consistent with applicable federal laws, Executive Orders,
>directives, policies, regulations, standards, and guidance.
><br><br>
>System use notifications are required only for access via login interfaces
>with human users and are not required when such human interfaces do not
>exist.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">correct banner in /etc/motd</span>Â 
>        <span class="label label-default">oval:ssg-test_banner_etc_motd:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/motd</td><td>Authorized uses only. All activity may be monitored and reported.
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue" id="rule-detail-id34301"><div class="keywords sr-only">Verify Group Ownership of System Login Bannerxccdf_org.ssgproject.content_rule_file_groupowner_etc_issue mediumCCE-91355-8 </div><div class="panel-heading"><h3 class="panel-title">Verify Group Ownership of System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_groupowner_etc_issue:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91355-8">CCE-91355-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the group owner of <code>/etc/issue</code>, run the command:
><pre>$ sudo chgrp root /etc/issue</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
>access to the operating system ensures privacy and security notification
>verbiage used is consistent with applicable federal laws, Executive Orders,
>directives, policies, regulations, standards, and guidance.<br>
>Proper group ownership will ensure that only root user can modify the banner.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing group ownership of /etc/issue.d/</span>Â 
>        <span class="label label-default">oval:ssg-test_file_groupowner_etc_issue_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/issue.d/">oval:ssg-object_file_groupowner_etc_issue_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Behaviors</th><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>no value</td><td>/etc/issue.d</td><td>^.*$</td><td>oval:ssg-symlink_file_groupowner_etc_issue_uid_0:ste:1</td><td>oval:ssg-state_file_groupowner_etc_issue_gid_0_0:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_owner_etc_issue" id="rule-detail-id34302"><div class="keywords sr-only">Verify ownership of System Login Bannerxccdf_org.ssgproject.content_rule_file_owner_etc_issue mediumCCE-91356-6 </div><div class="panel-heading"><h3 class="panel-title">Verify ownership of System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_owner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_owner_etc_issue:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91356-6">CCE-91356-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the owner of <code>/etc/issue</code>, run the command:
><pre>$ sudo chown root /etc/issue </pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
>access to the operating system ensures privacy and security notification
>verbiage used is consistent with applicable federal laws, Executive Orders,
>directives, policies, regulations, standards, and guidance.<br>
>Proper ownership will ensure that only root user can modify the banner.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing user ownership of /etc/issue.d/</span>Â 
>        <span class="label label-default">oval:ssg-test_file_owner_etc_issue_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/issue.d/">oval:ssg-object_file_owner_etc_issue_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Behaviors</th><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>no value</td><td>/etc/issue.d</td><td>^.*$</td><td>oval:ssg-symlink_file_owner_etc_issue_uid_0:ste:1</td><td>oval:ssg-state_file_owner_etc_issue_uid_0_0:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember" id="rule-detail-id34303"><div class="keywords sr-only">Limit Password Reusexccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember mediumCCE-91398-8 </div><div class="panel-heading"><h3 class="panel-title">Limit Password Reuse</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_password_pam_pwhistory_remember:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91398-8">CCE-91398-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000200</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000077-GPOS-00045</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.3</a></p></td></tr><tr><td>Description</td><td><div class="description">Do not allow users to reuse recent passwords. This can be
>accomplished by using the <code>remember</code> option for the
><code>pam_pwhistory</code> PAM modules.
><br><br>
>In the file <code>/etc/pam.d/common-password</code>, make sure the parameters
><code>remember</code> and <code>use_authtok</code> are present, and that the value
>for the <code>remember</code> parameter is <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_remember">5</abbr> or greater. For example:
><pre>password requisite pam_pwhistory.so <i>...existing_options...</i> remember=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_remember">5</abbr> use_authtok</pre>
>The DoD STIG requirement is 5 passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Preventing re-use of previous passwords helps ensure that a compromised password is not re-used by a user.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify remember configuation of pam_pwhistory.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_pwhistory_remember:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password requisite pam_pwhistory.so remember=5  use_authtok</td></tr></tbody></table><h4><span class="label label-primary">Verify use_authtok configuation of pam_pwhistory.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_pwhistory_use_authtok:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password requisite pam_pwhistory.so remember=5  use_authtok
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay" id="rule-detail-id34304"><div class="keywords sr-only">Enforce Delay After Failed Logon Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay mediumCCE-85619-5 </div><div class="panel-heading"><h3 class="panel-title">Enforce Delay After Failed Logon Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_passwords_pam_faildelay_delay:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85619-5">CCE-85619-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00226</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234982r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To configure the system to introduce a delay after failed logon attempts,
>add or correct the <code>pam_faildelay</code> settings in
><code>/etc/pam.d/common-auth</code> to make sure its <code>delay</code> parameter
>is at least <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_delay">4000000</abbr> or greater. For example:
><pre>auth required pam_faildelay.so delay=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_delay">4000000</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Limiting the number of logon attempts over a certain time interval reduces
>the chances that an unauthorized user may gain access to an account.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify delay configuation of pam_faildelay.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_auth_pam_faildelay_delay:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-auth</td><td>auth required pam_faildelay.so delay=4000000
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2" id="rule-detail-id34305"><div class="keywords sr-only">Set Deny For Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2 mediumCCE-85554-4 </div><div class="panel-heading"><h3 class="panel-title">Set Deny For Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_passwords_pam_tally2:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85554-4">CCE-85554-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000044</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.6</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000021-GPOS-00005</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020010</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234867r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The SUSE Linux Enterprise 15 operating system must lock an account after - at most - <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_tally2">5</abbr>
>consecutive invalid access attempts.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">By limiting the number of failed logon attempts, the risk of unauthorized
>system access via user password guessing, otherwise known as brute-force
>attacks, is reduced. Limits are imposed by locking the account.
>
>To configure the operating system to lock an account after three
>unsuccessful consecutive access attempts using <code>pam_tally2.so</code>,
>modify the content of both <code>/etc/pam.d/login</code> and
><code>/etc/pam.d/common-account</code> as follows:
><br><br>
><ul><li> add or modify the <code>pam_tally2.so</code> module line in
><code>/etc/pam.d/login</code> to ensure both <code>onerr=fail</code> and
><code>deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_tally2">5</abbr></code> are present. For example:
><pre>auth required pam_tally2.so onerr=fail silent audit deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_tally2">5</abbr></pre></li><li> add or modify the following line in <code>/etc/pam.d/common-account</code>:
><pre>account required pam_tally2.so</pre></li></ul></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify deny configuation of pam_tally2</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_passwords_pam_tally2_deny_auth:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/login</td><td>auth    required    pam_tally2.so deny=5 onerr=fail
></td></tr></tbody></table><h4><span class="label label-primary">Verify deny configuation of pam_tally2_account</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_passwords_pam_tally2_deny_account:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-account</td><td>account    required    pam_tally2.so </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit" id="rule-detail-id34306"><div class="keywords sr-only">Set Password Strength Minimum Digit Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit mediumCCE-85564-3 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Digit Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_dcredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85564-3">CCE-85564-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000194</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000071-GPOS-00039</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234884r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>dcredit</code> parameter controls requirements
>for usage of digits in a password. When set to a negative number, any
>password will be required to contain that many digits. When set to a
>positive number, pam_cracklib will grant +1 additional length credit for
>each digit. Add <code>dcredit=-1</code> after pam_cracklib.so to require use of
>a digit in passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring digits makes password guessing attacks more difficult by ensuring
>a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify dcredit configuation of pam_cracklib.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_dcredit:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok" id="rule-detail-id34307"><div class="keywords sr-only">Set Password Strength Minimum Different Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok mediumCCE-85677-3 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Different Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_difok:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85677-3">CCE-85677-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000195</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(b)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000072-GPOS-00040</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020160</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234885r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>difok</code> parameter controls requirements for
>usage of different characters during a password change. The number of
>changed characters refers to the number of changes required with respect to
>the total number of positions in the current password. In other words,
>characters may be the same within the two passwords; however, the positions
>of the like characters must be different.
>Make sure the <code>difok</code> parameter for the pam_cracklib module is
>configured to greater than or equal to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_difok">8</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of different characters during password changes
>ensures that newly changed passwords should not resemble previously
>compromised ones. Note that passwords which are changed on compromised
>systems will still be compromised, however.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify difok configuation of pam_cracklib.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_difok:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit" id="rule-detail-id34308"><div class="keywords sr-only">Set Password Strength Minimum Lowercase Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit mediumCCE-85676-5 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Lowercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_lcredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85676-5">CCE-85676-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000193</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000070-GPOS-00038</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020140</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234883r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>lcredit=</code> parameter controls requirements
>for usage of lowercase letters in a password. When set to a negative
>number, any password will be required to contain that many lowercase
>characters. When set to a positive number, pam_cracklib will grant +1
>additional length credit for each lowercase character.
>Add <code>lcredit=-1</code> after pam_cracklib.so to require use of a
>lowercase character in passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of lowercase characters makes password guessing
>attacks more difficult by ensuring a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify lcredit configuation of pam_cracklib.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_lcredit:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen" id="rule-detail-id34309"><div class="keywords sr-only">Set Password Minimum Lengthxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen mediumCCE-85573-4 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Length</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_minlen:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85573-4">CCE-85573-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000205</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000078-GPOS-00046</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020260</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234895r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>minlen</code> parameter controls requirements for
>minimum characters required in a password. Add <code>minlen=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_minlen">15</abbr></code>
> to set minimum password length requirements.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Password length is one factor of several that helps to determine
>strength and how long it takes to crack a password. Use of more characters in
>a password helps to exponentially increase the time and/or resources
>required to compromise the password.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify minlen configuation of pam_cracklib.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_minlen:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit" id="rule-detail-id34310"><div class="keywords sr-only">Set Password Strength Minimum Special Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit mediumCCE-85574-2 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Special Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_ocredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85574-2">CCE-85574-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-001619</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(v)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000266-GPOS-00101</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020270</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234896r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>ocredit=</code> parameter controls requirements
>for usage of special (or ``other'') characters in a password. When set to a
>negative number, any password will be required to contain that many special
>characters. When set to a positive number, pam_cracklib will grant +1
>additional length credit for each special character.
>Make sure the <code>ocredit</code> parameter for the pam_cracklib module is
>set to less than or equal to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_ocredit">-1</abbr></code>. For example, <code>ocredit=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_ocredit">-1</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of special characters makes password guessing
>attacks more difficult by ensuring a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify ocredit configuation of pam_cracklib.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_ocredit:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry" id="rule-detail-id34311"><div class="keywords sr-only">Set Password Retry Limitxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry mediumCCE-85575-9 </div><div class="panel-heading"><h3 class="panel-title">Set Password Retry Limit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_retry:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85575-9">CCE-85575-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.6</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00225</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234897r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>retry</code> parameter controls the maximum
>number of times to prompt the user for the password before returning
>with error. Make sure it is configured with a value that is no more than
><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_retry">3</abbr>. For example, <code>retry=1</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">To reduce opportunities for successful guesses and brute-force attacks.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify retry configuation of pam_cracklib.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_retry:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 
>password	required	pam_unix.so	use_authtok nullok shadow try_first_pass  sha512</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit" id="rule-detail-id34312"><div class="keywords sr-only">Set Password Strength Minimum Uppercase Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit mediumCCE-85675-7 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Uppercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_ucredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85675-7">CCE-85675-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000192</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000069-GPOS-00037</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020130</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234882r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>ucredit=</code> parameter controls requirements
>for usage of uppercase letters in a password. When set to a negative
>number, any password will be required to contain that many uppercase
>characters. When set to a positive number, pam_cracklib will grant +1
>additional length credit for each uppercase character.
>Add <code>ucredit=-1</code> after pam_cracklib.so to require use of an upper
>case character in passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of uppercase characters makes password guessing
>attacks more difficult by ensuring a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify ucredit configuation of pam_cracklib.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_ucredit:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth" id="rule-detail-id34313"><div class="keywords sr-only">Set PAM's Common Authentication Hashing Algorithmxccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth mediumCCE-85754-0 </div><div class="panel-heading"><h3 class="panel-title">Set PAM's Common Authentication Hashing Algorithm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-set_password_hashing_algorithm_commonauth:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85754-0">CCE-85754-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-7.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a></p></td></tr><tr><td>Description</td><td><div class="description">The PAM system service can be configured to only store encrypted
>representations of passwords. In
><code>/etc/pam.d/common-auth</code>,
>the
><code>auth</code> section of the file controls which PAM modules execute
>during a password change. Set the <code>pam_unix.so</code> module in the
><code>auth</code> section to include the argument <code>sha512</code>, as shown
>below:
><br>
><pre>auth   required    pam_unix.so sha512 <i>other arguments...</i></pre>
><br>
>This will help ensure when local users change their authentication method,
>hashes for the new authentications will be generated using the SHA-512
>algorithm. This is the default.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unapproved mechanisms used for authentication to the cryptographic module
>are not verified and therefore cannot be relied on to provide
>confidentiality or integrity, and data may be compromised.
>This setting ensures user and group account administration utilities are
>configured to store only encrypted representations of passwords.
>Additionally, the <code>crypt_style</code> configuration option ensures the use
>of a strong hashing algorithm that makes password cracking attacks more
>difficult.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify sha512 configuation of pam_unix.so</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_auth_pam_unix_sha512:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-auth</td><td>auth	required	pam_unix.so	try_first_pass  sha512
>auth required pam_faildelay.so delay=4000000
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth" id="rule-detail-id34314"><div class="keywords sr-only">Set PAM''s Password Hashing Algorithmxccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth mediumCCE-85565-0 </div><div class="panel-heading"><h3 class="panel-title">Set PAM''s Password Hashing Algorithm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-set_password_hashing_algorithm_systemauth:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85565-0">CCE-85565-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R32)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.2</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000196</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0418</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1055</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1402</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000073-GPOS-00041</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020170</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234886r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The PAM system service can be configured to only store encrypted
>representations of passwords. In "/etc/pam.d/common-password", the
><code>password</code> section of the file controls which PAM modules execute
>during a password change. Set the <code>pam_unix.so</code> module in the
><code>password</code> section to include the argument <code>sha512</code>, as shown
>below:
><br>
>
><pre>password    required    pam_unix.so sha512 <i>other arguments...</i></pre>
>
><br>
>This will help ensure when local users change their passwords, hashes for
>the new passwords will be generated using the SHA-512 algorithm. This is
>the default.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Passwords need to be protected at all times, and encryption is the standard
>method for protecting passwords. If passwords are not encrypted, they can
>be plainly read (i.e., clear text) and easily compromised. Passwords that
>are encrypted with a weak algorithm are no more protected than if they are
>kepy in plain text.
><br><br>
>This setting ensures user and group account administration utilities are
>configured to store only encrypted representations of passwords.
>Additionally, the <code>crypt_style</code> configuration option ensures the use
>of a strong hashing algorithm that makes password cracking attacks more
>difficult.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check /etc/pam.d/system-auth for correct settings</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_unix_sha512:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	required	pam_unix.so	use_authtok nullok shadow try_first_pass  sha512</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_display_login_attempts" id="rule-detail-id34315"><div class="keywords sr-only">Ensure PAM Displays Last Logon/Access Notificationxccdf_org.ssgproject.content_rule_display_login_attempts lowCCE-85560-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure PAM Displays Last Logon/Access Notification</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_display_login_attempts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-display_login_attempts:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85560-1">CCE-85560-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000052</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0582</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0584</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">05885</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0586</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0846</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0957</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-9(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020080</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234873r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To configure the system to notify users of last logon/access
>using <code>pam_lastlog</code>, add or correct the <code>pam_lastlog</code>
>settings in
><code>/etc/pam.d/login</code> to read as follows:
><pre>session     required pam_lastlog.so showfailed</pre>
>And make sure that the <code>silent</code> option is not set for
><code>pam_lastlog</code> module.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Users need to be aware of activity that occurs regarding
>their account. Providing users with information regarding the number
>of unsuccessful attempts that were made to login to their account
>allows the user to determine if any unauthorized activity has occurred
>and gives them an opportunity to notify administrators.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Check the pam_lastlog configuration</span>Â 
>        <span class="label label-default">oval:ssg-test_display_login_attempts:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/login</td><td>session     required    pam_lastlog.so showfailed
></td></tr></tbody></table><h4><span class="label label-primary">Forbid 'silent' option for pam_lastlog</span>Â 
>        <span class="label label-default">oval:ssg-test_display_login_attempts_silent:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_display_login_attempts_silent:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/pam.d/login</td><td>^\s*session\s+.*\s+pam_lastlog\.so(?:\s+[\w=]+)*\s+silent(\s|$)</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_smartcard_configure_ca" id="rule-detail-id34316"><div class="keywords sr-only">Configure Smart Card Certificate Authority Validationxccdf_org.ssgproject.content_rule_smartcard_configure_ca mediumCCE-83272-5 </div><div class="panel-heading"><h3 class="panel-title">Configure Smart Card Certificate Authority Validation</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_smartcard_configure_ca</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-smartcard_configure_ca:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83272-5">CCE-83272-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000185</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001991</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000066-GPOS-00034</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000384-GPOS-00167</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010170</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234817r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure the operating system to do certificate status checking for PKI
>authentication. Modify all of the <code>cert_policy</code> lines in
><code>/etc/pam_pkcs11/pam_pkcs11.conf</code> to include <code>ca</code> like so:
><pre>cert_policy = ca, ocsp_on, signature;</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Using an authentication device, such as a CAC or token that is separate from
>the information system, ensures that even if the information system is
>compromised, that compromise will not affect credentials stored on the
>authentication device.
><br><br>
>Multifactor solutions that require devices separate from
>information systems gaining access include, for example, hardware tokens
>providing time-based or challenge-response authenticators and smart cards such
>as the U.S. Government Personal Identity Verification card and the DoD Common
>Access Card.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package pam_pkcs11 is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pam_pkcs11_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pam_pkcs11</td><td>x86_64</td><td>(none)</td><td>1.17</td><td>0.6.10</td><td>0:0.6.10-1.17</td><td>70af9e8139db7c82</td><td>pam_pkcs11-0:0.6.10-1.17.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_mozilla-nss_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss-tools is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_mozilla-nss-tools_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss-tools</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-tools-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-ccid is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pcsc-ccid_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-ccid</td><td>x86_64</td><td>(none)</td><td>150400.1.5</td><td>1.4.36</td><td>0:1.4.36-150400.1.5</td><td>70af9e8139db7c82</td><td>pcsc-ccid-0:1.4.36-150400.1.5.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-lite is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pcsc-lite_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-lite</td><td>x86_64</td><td>(none)</td><td>150400.1.9</td><td>1.9.4</td><td>0:1.9.4-150400.1.9</td><td>70af9e8139db7c82</td><td>pcsc-lite-0:1.9.4-150400.1.9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-tools is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pcsc-tools_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-tools</td><td>x86_64</td><td>(none)</td><td>150400.1.6</td><td>1.5.8</td><td>0:1.5.8-150400.1.6</td><td>70af9e8139db7c82</td><td>pcsc-tools-0:1.5.8-150400.1.6.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package opensc is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_opensc_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>opensc</td><td>x86_64</td><td>(none)</td><td>150400.3.3.1</td><td>0.22.0</td><td>0:0.22.0-150400.3.3.1</td><td>70af9e8139db7c82</td><td>opensc-0:0.22.0-150400.3.3.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Test ca in /etc/pam_pkcs11/pkcs11.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_pkcs11_cert_policy_ca:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking" id="rule-detail-id34317"><div class="keywords sr-only">Configure Smart Card Certificate Status Checkingxccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking mediumCCE-83293-1 </div><div class="panel-heading"><h3 class="panel-title">Configure Smart Card Certificate Status Checking</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-smartcard_configure_cert_checking:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83293-1">CCE-83293-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-001948</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001953</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001954</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000375-GPOS-00160</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000376-GPOS-00161</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000377-GPOS-00162</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000384-GPOS-00167</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010470</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234855r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure the operating system to do certificate status checking for PKI
>authentication. Modify all of the <code>cert_policy</code> lines in
><code>/etc/pam_pkcs11/pam_pkcs11.conf</code> to include <code>ocsp_on</code> like so:
><pre>cert_policy = ca, ocsp_on, signature;</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Using an authentication device, such as a CAC or token that is separate from
>the information system, ensures that even if the information system is
>compromised, that compromise will not affect credentials stored on the
>authentication device.
><br><br>
>Multifactor solutions that require devices separate from
>information systems gaining access include, for example, hardware tokens
>providing time-based or challenge-response authenticators and smart cards such
>as the U.S. Government Personal Identity Verification card and the DoD Common
>Access Card.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package pam_pkcs11 is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pam_pkcs11_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pam_pkcs11</td><td>x86_64</td><td>(none)</td><td>1.17</td><td>0.6.10</td><td>0:0.6.10-1.17</td><td>70af9e8139db7c82</td><td>pam_pkcs11-0:0.6.10-1.17.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_mozilla-nss_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss-tools is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_mozilla-nss-tools_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss-tools</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-tools-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-ccid is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pcsc-ccid_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-ccid</td><td>x86_64</td><td>(none)</td><td>150400.1.5</td><td>1.4.36</td><td>0:1.4.36-150400.1.5</td><td>70af9e8139db7c82</td><td>pcsc-ccid-0:1.4.36-150400.1.5.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-lite is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pcsc-lite_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-lite</td><td>x86_64</td><td>(none)</td><td>150400.1.9</td><td>1.9.4</td><td>0:1.9.4-150400.1.9</td><td>70af9e8139db7c82</td><td>pcsc-lite-0:1.9.4-150400.1.9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-tools is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_pcsc-tools_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-tools</td><td>x86_64</td><td>(none)</td><td>150400.1.6</td><td>1.5.8</td><td>0:1.5.8-150400.1.6</td><td>70af9e8139db7c82</td><td>pcsc-tools-0:1.5.8-150400.1.6.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package opensc is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_opensc_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>opensc</td><td>x86_64</td><td>(none)</td><td>150400.3.3.1</td><td>0.22.0</td><td>0:0.22.0-150400.3.3.1</td><td>70af9e8139db7c82</td><td>opensc-0:0.22.0-150400.3.3.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Test ocsp_on in /etc/pam_pkcs11/pam_pkcs11.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_pam_pkcs11_all_cert_policy_ocsp_on:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="rule-detail-id34318"><div class="keywords sr-only">Disable Ctrl-Alt-Del Burst Actionxccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction highCCE-85665-8 </div><div class="panel-heading"><h3 class="panel-title">Disable Ctrl-Alt-Del Burst Action</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-disable_ctrlaltdel_burstaction:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85665-8">CCE-85665-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040062</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234990r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
>key sequence is pressed Ctrl-Alt-Delete more than 7 times in 2 seconds.
><br><br>
>To configure the system to ignore the <code>CtrlAltDelBurstAction</code>
>
>setting, add or modify the following to <code>/etc/systemd/system.conf</code>:
><pre>CtrlAltDelBurstAction=none</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">A locally logged-in user who presses Ctrl-Alt-Del, when at the console,
>can reboot the system. If accidentally pressed, as could happen in
>the case of mixed OS environment, this can create the risk of short-term
>loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Disabling the <code>Ctrl-Alt-Del</code> key sequence
>in <code>/etc/init/control-alt-delete.conf</code> DOES NOT disable the <code>Ctrl-Alt-Del</code>
>key sequence if running in <code>runlevel 6</code> (e.g. in GNOME, KDE, etc.)! The
><code>Ctrl-Alt-Del</code> key sequence will only be disabled if running in
>the non-graphical <code>runlevel 3</code>.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check if CtrlAltDelBurstAction is set to none</span>Â 
>        <span class="label label-default">oval:ssg-test_disable_ctrlaltdel_burstaction:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/systemd/system.conf</td><td>CtrlAltDelBurstAction=none</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" id="rule-detail-id34319"><div class="keywords sr-only">Set Account Expiration Following Inactivityxccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration mediumCCE-85558-5 </div><div class="panel-heading"><h3 class="panel-title">Set Account Expiration Following Inactivity</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-account_disable_post_pw_expiration:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85558-5">CCE-85558-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1.1</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000017</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000795</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-4(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000118-GPOS-00060</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020050</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.5</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234871r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To specify the number of days after a password expires (which
>signifies inactivity) until an account is permanently disabled, add or correct
>the following line in <code>/etc/default/useradd</code>:
><pre>INACTIVE=<i><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration">35</abbr></i></pre>
>If a password is currently on the verge of expiration, then
><code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration">35</abbr></code>
>day(s) remain(s) until the account is automatically
>disabled. However, if the password will not expire for another 60 days, then 60
>days plus <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration">35</abbr></code> day(s) could
>elapse until the account would be automatically disabled. See the
><code>useradd</code> man page for more information.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system.
>Disabling inactive accounts ensures that accounts which may not have been responsibly removed are not available to attackers who may have compromised their credentials.
>Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">the value INACTIVE parameter should be set appropriately in /etc/default/useradd</span>Â 
>        <span class="label label-default">oval:ssg-test_etc_default_useradd_inactive:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/default/useradd</td><td>INACTIVE=35</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" id="rule-detail-id34320"><div class="keywords sr-only">Set Password Maximum Agexccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs mediumCCE-85570-0 </div><div class="panel-heading"><h3 class="panel-title">Set Password Maximum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_maximum_age_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85570-0">CCE-85570-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000199</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0418</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1055</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1402</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000076-GPOS-00044</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020220</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234891r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To specify password maximum age for new accounts,
>edit the file <code>/etc/login.defs</code>
>and add or correct the following line:
><pre>PASS_MAX_DAYS <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr></pre>
>A value of 180 days is sufficient for many environments.
>The DoD requirement is 60.
>The profile requirement is <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Any password, no matter how complex, can eventually be cracked. Therefore, passwords
>need to be changed periodically. If the operating system does not limit the lifetime
>of passwords and force users to change their passwords, there is the risk that the
>operating system passwords could be compromised.
><br><br>
>Setting the password maximum age ensures users are required to
>periodically change their passwords. Requiring shorter password lifetimes
>increases the risk of users writing down the password in a convenient
>location subject to physical compromise.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">The value of PASS_MAX_DAYS should be set appropriately in /etc/login.defs</span>Â 
>        <span class="label label-default">oval:ssg-test_pass_max_days:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-variable_last_pass_max_days_instance_value:var:1</td><td>60</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" id="rule-detail-id34321"><div class="keywords sr-only">Set Password Minimum Agexccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs mediumCCE-85720-1 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_minimum_age_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85720-1">CCE-85720-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1.1</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000198</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0418</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1055</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1402</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.9</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000075-GPOS-00043</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020200</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.3</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234889r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To specify password minimum age for new accounts,
>edit the file <code>/etc/login.defs</code>
>and add or correct the following line:
><pre>PASS_MIN_DAYS <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr></pre>
>A value of 1 day is considered sufficient for many
>environments. The DoD requirement is 1.
>The profile requirement is <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Enforcing a minimum password lifetime helps to prevent repeated password
>changes to defeat the password reuse or history enforcement requirement. If
>users are allowed to immediately and continually change their password,
>then the password could be repeatedly changed in a short period of time to
>defeat the organization's policy regarding password reuse.
><br><br>
>Setting the minimum password age protects against users cycling back to a
>favorite password after satisfying the password reuse requirement.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">The value of PASS_MIN_DAYS should be set appropriately in /etc/login.defs</span>Â 
>        <span class="label label-default">oval:ssg-test_pass_min_days:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-variable_last_pass_min_days_instance_value:var:1</td><td>7</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing" id="rule-detail-id34322"><div class="keywords sr-only">Set Existing Passwords Maximum Agexccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing mediumCCE-85571-8 </div><div class="panel-heading"><h3 class="panel-title">Set Existing Passwords Maximum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_password_set_max_life_existing:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85571-8">CCE-85571-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000199</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000076-GPOS-00044</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020230</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234892r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure non-compliant accounts to enforce a <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr>-day maximum password lifetime
>restriction by running the following command:
><pre>$ sudo chage -M <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr> <i>USER</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Any password, no matter how complex, can eventually be cracked. Therefore,
>passwords need to be changed periodically. If the operating system does
>not limit the lifetime of passwords and force users to change their
>passwords, there is the risk that the operating system passwords could be
>compromised.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34453" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34453"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: XCCDF Value var_accounts_maximum_age_login_defs # promote to variable
>  set_fact:
>    var_accounts_maximum_age_login_defs: !!str <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr>
>  tags:
>    - always
>
>- name: Collect users with not correct maximum time period between password changes
>  ansible.builtin.command:
>    cmd: awk -F':' '(/^[^:]+:[^!*]/ &amp;&amp; ($5 &gt; {{ var_accounts_maximum_age_login_defs
>      }} || $5 == "")) {print $1}' /etc/shadow
>  register: user_names
>  tags:
>  - CCE-85571-8
>  - DISA-STIG-SLES-15-020230
>  - NIST-800-53-CM-6(a)
>  - NIST-800-53-IA-5(1)(d)
>  - NIST-800-53-IA-5(f)
>  - accounts_password_set_max_life_existing
>  - low_complexity
>  - low_disruption
>  - medium_severity
>  - no_reboot_needed
>  - restrict_strategy
>
>- name: Change the maximum time period between password changes
>  ansible.builtin.command:
>    cmd: passwd -q -x {{ var_accounts_maximum_age_login_defs }} {{ item }}
>  with_items: '{{ user_names.stdout_lines }}'
>  when: user_names.stdout_lines | length &gt; 0
>  tags:
>  - CCE-85571-8
>  - DISA-STIG-SLES-15-020230
>  - NIST-800-53-CM-6(a)
>  - NIST-800-53-IA-5(1)(d)
>  - NIST-800-53-IA-5(f)
>  - accounts_password_set_max_life_existing
>  - low_complexity
>  - low_disruption
>  - medium_severity
>  - no_reboot_needed
>  - restrict_strategy
></code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34454" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34454"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>
>var_accounts_maximum_age_login_defs='<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr>'
>
>
>while IFS= read -r i; do
>    
>    passwd -q -x $var_accounts_maximum_age_login_defs $i
>
>done &lt;   &lt;(awk -v var="$var_accounts_maximum_age_login_defs" -F: '(/^[^:]+:[^!*]/ &amp;&amp; ($5 &gt; var || $5 == "")) {print $1}' /etc/shadow)
></code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_password_set_max_life_existing_password_max_life_existing:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
></td></tr></tbody></table><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_password_set_max_life_existing_password_max_life_existing_minimum:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
></td></tr></tbody></table><h4><span class="label label-primary">Passwords must have the maximum password age set non-empty in /etc/shadow.</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_password_set_max_life_existing_password_max_life_not_empty:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>root:$6$I.FmW36kPW.qLFcU$EB6aMvDmjklnyTxbT6gq8uniBa5hZJOqp1feBDeZaO3vJeaRYtoVAah81VD7sZzFd73DUJX1743uaRN3/zjFF.:19640::::::</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing" id="rule-detail-id34323"><div class="keywords sr-only">Set Existing Passwords Minimum Agexccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing mediumCCE-85710-2 </div><div class="panel-heading"><h3 class="panel-title">Set Existing Passwords Minimum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_password_set_min_life_existing:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85710-2">CCE-85710-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000198</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000075-GPOS-00043</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020210</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.3</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234890r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure non-compliant accounts to enforce a 24 hours/1 day minimum password
>lifetime by running the following command:
><pre>$ sudo chage -m 1 <i>USER</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Enforcing a minimum password lifetime helps to prevent repeated password
>changes to defeat the password reuse or history enforcement requirement. If
>users are allowed to immediately and continually change their password, the
>password could be repeatedly changed in a short period of time to defeat the
>organization's policy regarding password reuse.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34455" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34455"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: XCCDF Value var_accounts_minimum_age_login_defs # promote to variable
>  set_fact:
>    var_accounts_minimum_age_login_defs: !!str <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr>
>  tags:
>    - always
>
>- name: Collect users with not correct minimum time period between password changes
>  command: |
>    awk -F':' '(/^[^:]+:[^!*]/ &amp;&amp; ($4 &lt; {{ var_accounts_minimum_age_login_defs }} || $4 == "")) {print $1}' /etc/shadow
>  register: user_names
>  tags:
>  - CCE-85710-2
>  - DISA-STIG-SLES-15-020210
>  - NIST-800-53-IA-5(1).1(v)
>  - accounts_password_set_min_life_existing
>  - low_complexity
>  - low_disruption
>  - medium_severity
>  - no_reboot_needed
>  - restrict_strategy
>
>- name: Change the minimum time period between password changes
>  command: |
>    passwd -q -n {{ var_accounts_minimum_age_login_defs }} {{ item }}
>  with_items: '{{ user_names.stdout_lines }}'
>  when: user_names.stdout_lines | length &gt; 0
>  tags:
>  - CCE-85710-2
>  - DISA-STIG-SLES-15-020210
>  - NIST-800-53-IA-5(1).1(v)
>  - accounts_password_set_min_life_existing
>  - low_complexity
>  - low_disruption
>  - medium_severity
>  - no_reboot_needed
>  - restrict_strategy
></code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34456" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34456"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>
>var_accounts_minimum_age_login_defs='<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr>'
>
>
>while IFS= read -r i; do
>    
>    passwd -q -n $var_accounts_minimum_age_login_defs $i
>
>done &lt;   &lt;(awk -v var="$var_accounts_minimum_age_login_defs" -F: '(/^[^:]+:[^!*]/ &amp;&amp; ($4 &lt; var || $4 == "")) {print $1}' /etc/shadow)
></code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_password_set_min_life_existing_password_max_life_existing:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
></td></tr></tbody></table><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_password_set_min_life_existing_password_max_life_existing_minimum:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
></td></tr></tbody></table><h4><span class="label label-primary">Passwords must have the maximum password age set non-empty in /etc/shadow.</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_password_set_min_life_existing_password_max_life_not_empty:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>root:$6$I.FmW36kPW.qLFcU$EB6aMvDmjklnyTxbT6gq8uniBa5hZJOqp1feBDeZaO3vJeaRYtoVAah81VD7sZzFd73DUJX1743uaRN3/zjFF.:19640::::::</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_direct_root_logins" id="rule-detail-id34324"><div class="keywords sr-only">Direct root Logins Not Allowedxccdf_org.ssgproject.content_rule_no_direct_root_logins mediumCCE-91427-5 </div><div class="panel-heading"><h3 class="panel-title">Direct root Logins Not Allowed</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-no_direct_root_logins:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91427-5">CCE-91427-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.5</a></p></td></tr><tr><td>Description</td><td><div class="description">To further limit access to the <code>root</code> account, administrators
>can disable root logins at the console by editing the <code>/etc/securetty</code> file.
>This file lists all devices the root user is allowed to login to. If the file does
>not exist at all, the root user can login through any communication device on the
>system, whether via the console or via a raw network interface. This is dangerous
>as user can login to the system as root via Telnet, which sends the password in
>plain text over the network. By default, SUSE Linux Enterprise 15's
><code>/etc/securetty</code> file only allows the root user to login at the console
>physically attached to the system. To prevent root from logging in, remove the
>contents of this file. To prevent direct root logins, remove the contents of this
>file by typing the following command:
><pre>
>$ sudo echo &gt; /etc/securetty
></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disabling direct root logins ensures proper accountability and multifactor
>authentication to privileged accounts. Users will first login, then escalate
>to privileged (root) access via su / sudo. This is required for FISMA Low
>and FISMA Moderate systems.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                This rule only checks the <code>/etc/securetty</code> file existence and its content.
>If you need to restrict user access using the <code>/etc/securetty</code> file, make sure
>the <code>pam_securetty.so</code> PAM module is properly enabled in relevant PAM files.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">no entries in /etc/securetty</span>Â 
>        <span class="label label-default">oval:ssg-test_no_direct_root_logins:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/securetty</td><td></td></tr></tbody></table><h4><span class="label label-primary">/etc/securetty file exists</span>Â 
>        <span class="label label-default">oval:ssg-test_etc_securetty_exists:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/securetty</td><td></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs" id="rule-detail-id34325"><div class="keywords sr-only">Ensure the Default Umask is Set Correctly in login.defsxccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs mediumCCE-85659-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure the Default Umask is Set Correctly in login.defs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_umask_etc_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85659-1">CCE-85659-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R35)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00228</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040420</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.5</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-235030r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To ensure the default umask controlled by <code>/etc/login.defs</code> is set properly,
>add or correct the <code>UMASK</code> setting in <code>/etc/login.defs</code> to read as follows:
><pre>UMASK <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_user_umask">027</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The umask value influences the permissions assigned to files when they are created.
>A misconfigured umask value could result in files with excessive permissions that can be read and
>written to by unauthorized users.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify the existence of var_accounts_user_umask_as_number variable</span>Â 
>        <span class="label label-default">oval:ssg-test_existence_of_var_accounts_user_umask_as_number_variable:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_accounts_user_umask_umask_as_number:var:1</td><td>23</td></tr></tbody></table><h4><span class="label label-primary">Test the retrieved /etc/login.defs umask value(s) match the var_accounts_user_umask requirement</span>Â 
>        <span class="label label-default">oval:ssg-tst_accounts_umask_etc_login_defs:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_etc_login_defs_umask_as_number:var:1</td><td>23</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile" id="rule-detail-id34326"><div class="keywords sr-only">Ensure the Default Umask is Set Correctly in /etc/profilexccdf_org.ssgproject.content_rule_accounts_umask_etc_profile mediumCCE-91216-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure the Default Umask is Set Correctly in /etc/profile</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_umask_etc_profile:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91216-2">CCE-91216-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R35)</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00228</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.5</a></p></td></tr><tr><td>Description</td><td><div class="description">To ensure the default umask controlled by <code>/etc/profile</code> is set properly,
>add or correct the <code>umask</code> setting in <code>/etc/profile</code> to read as follows:
><pre>umask <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_user_umask">027</abbr></pre>
>
>Note that <code>/etc/profile</code> also reads scrips within <code>/etc/profile.d</code> directory.
>These scripts are also valid files to set umask value. Therefore, they should also be
>considered during the check and properly remediated, if necessary.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The umask value influences the permissions assigned to files when they are created.
>A misconfigured umask value could result in files with excessive permissions that can be read or
>written to by unauthorized users.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify the existence of var_accounts_user_umask_as_number variable</span>Â 
>        <span class="label label-default">oval:ssg-test_existence_of_var_accounts_user_umask_as_number_variable:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_accounts_user_umask_umask_as_number:var:1</td><td>23</td></tr></tbody></table><h4><span class="label label-primary">umask value(s) from profile configuration files match the requirement</span>Â 
>        <span class="label label-default">oval:ssg-tst_accounts_umask_etc_profile:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_etc_profile_umask_as_number:var:1</td><td>23</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs" id="rule-detail-id34327"><div class="keywords sr-only">Ensure Home Directories are Created for New Usersxccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs mediumCCE-85562-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure Home Directories are Created for New Users</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_have_homedir_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85562-7">CCE-85562-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020110</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234880r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">All local interactive user accounts, upon creation, should be assigned a home directory.
><br><br>
>Configure the operating system to assign home directories to all new local interactive users by setting the <code>CREATE_HOME</code>
>parameter in <code>/etc/login.defs</code> to <code>yes</code> as follows:
><br><br>
><pre>CREATE_HOME yes</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">If local interactive users are not assigned a valid home directory, there is no place
>for the storage and control of files they should own.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Check value of CREATE_HOME in /etc/login.defs</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_have_homedir_login_defs:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/login.defs</td><td>CREATE_HOME yes
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-detail-id34328"><div class="keywords sr-only">Set Interactive Session Timeoutxccdf_org.ssgproject.content_rule_accounts_tmout mediumCCE-83269-1 </div><div class="panel-heading"><h3 class="panel-title">Set Interactive Session Timeout</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_tmout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_tmout:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83269-1">CCE-83269-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R29)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000057</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002361</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000163-GPOS-00072</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000029-GPOS-00010</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010130</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234813r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Setting the <code>TMOUT</code> option in <code>/etc/profile</code> ensures that
>all user sessions will terminate based on inactivity.
>The value of TMOUT should be exported and read only.
>The <code>TMOUT</code>
>
>setting in <code>/etc/profile.d/autologout.sh</code> should read as follows:
><pre>TMOUT=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_tmout">900</abbr></pre>
>readonly TMOUT
>export TMOUT</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Terminating an idle session within a short time period reduces
>the window of opportunity for unauthorized personnel to take control of a
>management session enabled on the console or console port that has been
>left unattended.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">TMOUT in /etc/profile</span>Â 
>        <span class="label label-default">oval:ssg-test_etc_profile_tmout:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_etc_profile_tmout:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/profile</td><td>^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">TMOUT in /etc/profile.d/*.sh</span>Â 
>        <span class="label label-default">oval:ssg-test_etc_profiled_tmout:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/profile.d/autologout.sh</td><td>TMOUT=900
>readonly TMOUT
>export TMOUT</td></tr></tbody></table><h4><span class="label label-primary">Check that at least one TMOUT is defined</span>Â 
>        <span class="label label-default">oval:ssg-test_accounts_tmout_defined:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-variable_count_of_tmout_instances:var:1</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_home_directories" id="rule-detail-id34329"><div class="keywords sr-only">All Interactive User Home Directories Must Have mode 0750 Or Less Permissivexccdf_org.ssgproject.content_rule_file_permissions_home_directories mediumCCE-85629-4 </div><div class="panel-heading"><h3 class="panel-title">All Interactive User Home Directories Must Have mode 0750 Or Less Permissive</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_home_directories</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_home_directories:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85629-4">CCE-85629-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040090</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">6.2.6</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234993r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Change the mode of interactive users home directories to <code>0750</code>. To
>change the mode of interactive users home directory, use the
>following command:
><pre>$ sudo chmod 0750 /home/<i>USER</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Excessive permissions on local interactive user home directories may allow
>unauthorized access to user files by other users.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">All home directories have proper permissions</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_home_directories:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td>/home/bernhard/</td><td>directory</td><td>1001</td><td>100</td><td>168</td><td><code>rwxr-x---Â </code></td></tr><tr><td>/home/azureuser/</td><td>directory</td><td>1000</td><td>100</td><td>168</td><td><code>rwxr-x---Â </code></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-detail-id34330"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - chmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod mediumCCE-85693-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_chmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85693-0">CCE-85693-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234928r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured to
>use the <code>augenrules</code> program to read audit rules during daemon startup
>(the default), add the following line to a file with suffix <code>.rules</code> in
>the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect.  Here the system calls
>have been placed independent of other system calls.  Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit chmod</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_chmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit chmod</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_chmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit chmod</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_chmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit chmod</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_chmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-detail-id34331"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - chownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown mediumCCE-85690-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_chown:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85690-6">CCE-85690-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured to
>use the <code>augenrules</code> program to read audit rules during daemon startup
>(the default), add the following line to a file with suffix <code>.rules</code> in
>the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect.  Here the system calls
>have been placed independent of other system calls.  Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit chown</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_chown_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit chown</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_chown_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit chown</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_chown_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit chown</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_chown_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-detail-id34332"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - fchmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod mediumCCE-85694-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85694-8">CCE-85694-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234928r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured to
>use the <code>augenrules</code> program to read audit rules during daemon startup
>(the default), add the following line to a file with suffix <code>.rules</code> in
>the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchmod</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchmod</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchmod</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchmod</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-detail-id34333"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - fchmodatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat mediumCCE-85695-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmodat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchmodat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85695-5">CCE-85695-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234928r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured to
>use the <code>augenrules</code> program to read audit rules during daemon startup
>(the default), add the following line to a file with suffix <code>.rules</code> in
>the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchmodat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmodat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchmodat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmodat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchmodat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmodat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchmodat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmodat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-detail-id34334"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - fchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown mediumCCE-85721-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchown:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85721-9">CCE-85721-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchown</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchown_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchown</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchown_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchown</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchown_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchown</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchown_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-detail-id34335"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - fchownatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat mediumCCE-85692-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchownat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchownat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85692-2">CCE-85692-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchownat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchownat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchownat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchownat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchownat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fchownat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchownat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fchownat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-detail-id34336"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - fremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr mediumCCE-85686-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fremovexattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85686-4">CCE-85686-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root.
><br><br>
>If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fremovexattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fremovexattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fremovexattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fremovexattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-detail-id34337"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - fsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr mediumCCE-85688-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fsetxattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85688-0">CCE-85688-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fsetxattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fsetxattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_fsetxattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_fsetxattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-detail-id34338"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - lchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown mediumCCE-85691-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_lchown:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85691-4">CCE-85691-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit lchown</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_lchown_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit lchown</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_lchown_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit lchown</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_lchown_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit lchown</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_lchown_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-detail-id34339"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - lremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr mediumCCE-85685-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_lremovexattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85685-6">CCE-85685-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root.
><br><br>
>If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit lremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_lremovexattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit lremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_lremovexattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit lremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_lremovexattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit lremovexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_lremovexattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-detail-id34340"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - lsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr mediumCCE-85689-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_lsetxattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85689-8">CCE-85689-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit lsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_lsetxattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit lsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_lsetxattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit lsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_lsetxattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit lsetxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_lsetxattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-detail-id34341"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - removexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr mediumCCE-85684-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - removexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_removexattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85684-9">CCE-85684-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root.
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code>
>program to read audit rules during daemon startup (the default), add the
>following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
><br><br>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit removexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_removexattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit removexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_removexattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit removexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_removexattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit removexattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_removexattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-detail-id34342"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - setxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr mediumCCE-85687-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - setxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_setxattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85687-2">CCE-85687-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
>changes for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit setxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_setxattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit setxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_setxattr_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit setxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_setxattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit setxattr</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_setxattr_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount" id="rule-detail-id34343"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - umountxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount mediumCCE-85734-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - umount</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_umount:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85734-2">CCE-85734-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030360</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234935r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file system umount
>changes. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit umount</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_umount_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit umount</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_umount_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2" id="rule-detail-id34344"><div class="keywords sr-only">Record Events that Modify the System's Discretionary Access Controls - umount2xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2 mediumCCE-91250-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - umount2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_umount2:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91250-1">CCE-91250-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030360</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234935r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file system umount2
>changes. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
>gain access to information that would otherwise be disallowed. Auditing DAC modifications
>can facilitate the identification of patterns of abuse among both authorized and
>unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit umount2</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_umount2_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit umount2</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_umount2_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod
></td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit umount2</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_umount2_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit umount2</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_umount2_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl" id="rule-detail-id34345"><div class="keywords sr-only">Record Any Attempts to Run chaclxccdf_org.ssgproject.content_rule_audit_rules_execution_chacl mediumCCE-85595-7 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chacl</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_chacl:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85595-7">CCE-85595-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030440</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234943r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
>of the <code>chacl</code> command for all users and root. If the <code>auditd</code>
>daemon is configured to use the <code>augenrules</code> program to read audit rules
>during daemon startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
>mission needs of the organization, it would be difficult to establish,
>correlate, and investigate the events relating to an incident or identify
>those responsible for one.
>Audit records can be generated from various components within the
>information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chacl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_chacl_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chacl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_chacl_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod" id="rule-detail-id34346"><div class="keywords sr-only">Record Any Attempts to Run chmodxccdf_org.ssgproject.content_rule_audit_rules_execution_chmod mediumCCE-85593-2 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_chmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85593-2">CCE-85593-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030420</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234941r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
>of the <code>chmod</code> command for all users and root. If the <code>auditd</code>
>daemon is configured to use the <code>augenrules</code> program to read audit rules
>during daemon startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
>mission needs of the organization, it would be difficult to establish,
>correlate, and investigate the events relating to an incident or identify
>those responsible for one.
>
>Audit records can be generated from various components within the
>information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chmod</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_chmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chmod</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_chmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl" id="rule-detail-id34347"><div class="keywords sr-only">Record Any Attempts to Run setfaclxccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl mediumCCE-85594-0 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run setfacl</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_setfacl:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85594-0">CCE-85594-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030430</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234942r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
>of the <code>setfacl</code> command for all users and root. If the <code>auditd</code>
>daemon is configured to use the <code>augenrules</code> program to read audit rules
>during daemon startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
>mission needs of the organization, it would be difficult to establish,
>correlate, and investigate the events relating to an incident or identify
>those responsible for one.
>Audit records can be generated from various components within the
>information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules setfacl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_setfacl_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl setfacl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_setfacl_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-detail-id34348"><div class="keywords sr-only">Record Any Attempts to Run chconxccdf_org.ssgproject.content_rule_audit_rules_execution_chcon mediumCCE-85716-9 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chcon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_chcon:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85716-9">CCE-85716-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000465-GPOS-00209</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030450</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234944r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
>of the <code>chcon</code> command for all users and root. If the <code>auditd</code>
>daemon is configured to use the <code>augenrules</code> program to read audit rules
>during daemon startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chcon</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_chcon_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chcon</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_chcon_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_rm" id="rule-detail-id34349"><div class="keywords sr-only">Record Any Attempts to Run rmxccdf_org.ssgproject.content_rule_audit_rules_execution_rm mediumCCE-85596-5 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run rm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_rm</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_rm:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85596-5">CCE-85596-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030460</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234945r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
>of the <code>rm</code> command for all users and root. If the <code>auditd</code>
>daemon is configured to use the <code>augenrules</code> program to read audit rules
>during daemon startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
>mission needs of the organization, it would be difficult to establish,
>correlate, and investigate the events relating to an incident or identify
>those responsible for one.
>
>Audit records can be generated from various components within the
>information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules rm</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_rm_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl rm</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_execution_rm_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-detail-id34350"><div class="keywords sr-only">Ensure auditd Collects File Deletion Events by User - renamexccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename mediumCCE-85768-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_rename:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85768-0">CCE-85768-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
>for all users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
>from the system. The audit trail could aid in system troubleshooting, as well as, detecting
>malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit rename</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_rename_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit rename</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_rename_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit rename</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_rename_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit rename</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_rename_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-detail-id34351"><div class="keywords sr-only">Ensure auditd Collects File Deletion Events by User - renameatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat mediumCCE-85769-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_renameat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85769-8">CCE-85769-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
>for all users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
>from the system. The audit trail could aid in system troubleshooting, as well as, detecting
>malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit renameat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_renameat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit renameat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_renameat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit renameat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_renameat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit renameat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_renameat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-detail-id34352"><div class="keywords sr-only">Ensure auditd Collects File Deletion Events by User - unlinkxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink mediumCCE-85771-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_unlink:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85771-4">CCE-85771-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
>for all users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
>from the system. The audit trail could aid in system troubleshooting, as well as, detecting
>malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit unlink</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_unlink_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit unlink</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_unlink_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit unlink</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_unlink_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit unlink</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_unlink_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-detail-id34353"><div class="keywords sr-only">Ensure auditd Collects File Deletion Events by User - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat mediumCCE-85772-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_unlinkat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85772-2">CCE-85772-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
>for all users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
>from the system. The audit trail could aid in system troubleshooting, as well as, detecting
>malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit unlinkat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_unlinkat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit unlinkat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_unlinkat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete
></td></tr><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit unlinkat</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_unlinkat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit unlinkat</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_unlinkat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-detail-id34354"><div class="keywords sr-only">Record Unsuccessful Access Attempts to Files - creatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat mediumCCE-85681-5 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - creat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_creat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85681-5">CCE-85681-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
>accesses for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_creat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_creat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_creat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_creat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_creat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_creat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_creat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_creat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-detail-id34355"><div class="keywords sr-only">Record Unsuccessful Access Attempts to Files - ftruncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate mediumCCE-85696-3 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - ftruncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_ftruncate:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85696-3">CCE-85696-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
>accesses for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_ftruncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_ftruncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_ftruncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_ftruncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_ftruncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_ftruncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_ftruncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_ftruncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-detail-id34356"><div class="keywords sr-only">Record Unsuccessful Access Attempts to Files - openxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open mediumCCE-85680-7 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - open</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_open:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85680-7">CCE-85680-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
>accesses for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-detail-id34357"><div class="keywords sr-only">Record Unsuccessful Access Attempts to Files - open_by_handle_atxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at mediumCCE-85683-1 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - open_by_handle_at</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85683-1">CCE-85683-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
>accesses for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_by_handle_at_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_by_handle_at_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_by_handle_at_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_by_handle_at_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_by_handle_at_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_by_handle_at_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_by_handle_at_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_by_handle_at_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-detail-id34358"><div class="keywords sr-only">Record Unsuccessful Access Attempts to Files - openatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat mediumCCE-85682-3 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - openat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_openat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85682-3">CCE-85682-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
>accesses for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_openat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_openat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_openat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_openat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_openat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_openat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_openat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_openat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-detail-id34359"><div class="keywords sr-only">Record Unsuccessful Delete Attempts to Files - renamexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename mediumCCE-85701-1 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_rename:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85701-1">CCE-85701-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system should collect unsuccessful file deletion
>attempts for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>.
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file.
><pre>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete
>-a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete</pre>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete
>-a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping system calls related
>to the same event is more efficient. See the following example:
><pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_rename_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_rename_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_rename_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_rename_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_rename_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_rename_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_rename_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_rename_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-detail-id34360"><div class="keywords sr-only">Record Unsuccessful Delete Attempts to Files - renameatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat mediumCCE-85702-9 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_renameat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85702-9">CCE-85702-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
>The operating system must generate audit records for all uses of the <code>renameat</code> system call.
>Without generating audit records specific to the security and mission needs of the organization, it would be
>difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
>Audit records can be generated from various components within the information system (e.g., module or policy filter).
>Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate
>an audit record for all uses of the <code>renameat</code> system call:
><pre>
>-a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
>-a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping system calls related
>to the same event is more efficient. See the following example:
>
><pre>
>-a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
>-a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2" id="rule-detail-id34361"><div class="keywords sr-only">Record Unsuccessful Delete Attempts to Files - renameat2xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2 mediumCCE-85726-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - renameat2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_renameat2:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85726-8">CCE-85726-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The operating system must generate audit records for all uses of the <code>renameat2</code> system call.
>Without generating audit records specific to the security and mission needs of the organization, it would be 
>difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
>Audit records can be generated from various components within the information system (e.g., module or policy filter).
>Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate 
>an audit record for all uses of the <code>renameat2</code> system call:  
><pre>
>-a always,exit -F arch=b32 -S renameat2 -F auid&gt;=1000 -F auid!=-1 -k perm_mod
>-a always,exit -F arch=b64 -S renameat2 -F auid&gt;=1000 -F auid!=-1 -k perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping system calls related
>to the same event is more efficient. See the following example:
><pre>
>-a always,exit -F arch=b32 -S renameat2 -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
>-a always,exit -F arch=b64 -S renameat2 -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat2_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat2_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat2_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat2_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat2_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat2_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat2_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat2_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-detail-id34362"><div class="keywords sr-only">Record Unsuccessful Access Attempts to Files - truncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate mediumCCE-85608-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - truncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_truncate:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85608-8">CCE-85608-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
>accesses for all users and root. If the <code>auditd</code> daemon is configured
>to use the <code>augenrules</code> program to read audit rules during daemon
>startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
>
>If the system is 64 bit then also add the following lines:
><pre>
>-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
>-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping these system
>calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_truncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_truncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_truncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_truncate_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_truncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_truncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_truncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_truncate_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-detail-id34363"><div class="keywords sr-only">Record Unsuccessful Delete Attempts to Files - unlinkxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink mediumCCE-85703-7 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_unlink:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85703-7">CCE-85703-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
>The operating system must generate audit records for all uses of the <code>unlink</code> system call.
>Without generating audit records specific to the security and mission needs of the organization, it would be
>difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
>Audit records can be generated from various components within the information system (e.g., module or policy filter).
>Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate
>an audit record for all uses of the <code>unlink</code> system call:
><pre>
>-a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=-1 -k perm_mod
>-a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=-1 -k perm_mod </pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping system calls related
>to the same event is more efficient. See the following example:
>
><pre>
>-a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
>-a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlink_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlink_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlink_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlink_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlink_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlink_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlink_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlink_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-detail-id34364"><div class="keywords sr-only">Record Unsuccessful Delete Attempts to Files - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat mediumCCE-85704-5 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_unlinkat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85704-5">CCE-85704-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
>The operating system must generate audit records for all uses of the <code>unlinkat</code> system call.
>Without generating audit records specific to the security and mission needs of the organization, it would be
>difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
>Audit records can be generated from various components within the information system (e.g., module or policy filter).
>Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate
>an audit record for all uses of the <code>unlinkat</code> system call:
><pre>
>-a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=-1 -k perm_mod
>-a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=-1 -k perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
>these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect. Here the system calls
>have been placed independent of other system calls. Grouping system calls related
>to the same event is more efficient. See the following example:
>
><pre>
>-a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
>-a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlinkat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlinkat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlinkat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlinkat_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access
></td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlinkat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlinkat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlinkat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlinkat_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-detail-id34365"><div class="keywords sr-only">Ensure auditd Collects Information on Kernel Module Unloading - delete_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete mediumCCE-85748-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_kernel_module_loading_delete:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85748-2">CCE-85748-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030520</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234951r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To capture kernel module unloading events, use following line, setting ARCH to
>either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
>
><pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre>
>
>
>Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured
>to use the <code>augenrules</code> program (the default), add the line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>.
>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility,
>add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
>the kernel and potentially introduce malicious code into kernel space. It is important
>to have an audit trail of modules that have been introduced into the kernel.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit delete_module</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_delete_module_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b32 -S delete_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit delete_module</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_delete_module_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b64 -S delete_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit delete_module</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_delete_module_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S delete_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit delete_module</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_delete_module_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S delete_module -F key=modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" id="rule-detail-id34366"><div class="keywords sr-only">Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit mediumCCE-85749-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_kernel_module_loading_finit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85749-0">CCE-85749-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030530</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234952r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program
>to read audit rules during daemon startup (the default), add the following lines to a file
>with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code> to capture kernel module
>loading and unloading events, setting ARCH to either b32 or b64 as appropriate for your system:
>
><pre>-a always,exit -F arch=<i>ARCH</i> -S finit_module -F key=modules</pre>
>    If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit
>rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file
>in order to capture kernel module loading and unloading events, setting ARCH to either b32 or
>b64 as appropriate for your system:
>
><pre>-a always,exit -F arch=<i>ARCH</i> -S finit_module -F key=modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The addition/removal of kernel modules can be used to alter the behavior of
>the kernel and potentially introduce malicious code into kernel space. It is important
>to have an audit trail of modules that have been introduced into the kernel.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit finit_module</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_finit_module_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b32 -S finit_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit finit_module</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_finit_module_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b64 -S finit_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit finit_module</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_finit_module_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S finit_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit finit_module</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_finit_module_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S finit_module -F key=modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-detail-id34367"><div class="keywords sr-only">Ensure auditd Collects Information on Kernel Module Loading - init_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init mediumCCE-85750-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading - init_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_kernel_module_loading_init:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85750-8">CCE-85750-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030530</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234952r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To capture kernel module loading events, use following line, setting ARCH to
>either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
>
><pre>-a always,exit -F arch=<i>ARCH</i> -S init_module -F key=modules</pre>
>
>
>Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured
>to use the <code>augenrules</code> program (the default), add the line to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>.
>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility,
>add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The addition of kernel modules can be used to alter the behavior of
>the kernel and potentially introduce malicious code into kernel space. It is important
>to have an audit trail of modules that have been introduced into the kernel.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit init_module</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_init_module_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b32 -S init_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit init_module</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_init_module_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b64 -S init_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit init_module</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_init_module_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S init_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit init_module</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_init_module_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S init_module -F key=modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-detail-id34368"><div class="keywords sr-only">Record Attempts to Alter Logon and Logout Events - faillockxccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock mediumCCE-91449-9 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - faillock</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_login_events_faillock:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91449-9">CCE-91449-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000473-GPOS-00218</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.7</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects login information for all users
>and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
>edits of files involved in storing logon events:
><pre>-w /var/run/faillock -p wa -k logins</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual
>edits of files involved in storing logon events:
><pre>-w /var/run/faillock -p wa -k logins</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
>as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules faillock</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_faillock_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/logins.rules</td><td>-w /var/run/faillock -p wa -k logins</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl faillock</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_faillock_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/run/faillock -p wa -k logins</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-detail-id34369"><div class="keywords sr-only">Record Attempts to Alter Logon and Logout Events - lastlogxccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog mediumCCE-85598-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - lastlog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_login_events_lastlog:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85598-1">CCE-85598-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000473-GPOS-00218</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030480</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.7</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234947r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects login information for all users
>and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
>edits of files involved in storing logon events:
><pre>-w /var/log/lastlog -p wa -k logins</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual
>edits of files involved in storing logon events:
><pre>-w /var/log/lastlog -p wa -k logins</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
>as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules lastlog</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_lastlog_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/logins.rules</td><td>-w /var/log/lastlog -p wa -k logins</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl lastlog</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_lastlog_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/lastlog -p wa -k logins</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-detail-id34370"><div class="keywords sr-only">Record Attempts to Alter Logon and Logout Events - tallylogxccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog mediumCCE-85597-3 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - tallylog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_login_events_tallylog:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85597-3">CCE-85597-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000473-GPOS-00218</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030470</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.7</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234946r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects login information for all users
>and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
>edits of files involved in storing logon events:
><pre>-w /var/log/tallylog -p wa -k logins</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual
>edits of files involved in storing logon events:
><pre>-w /var/log/tallylog -p wa -k logins</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
>as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules tallylog</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_tallylog_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/logins.rules</td><td>-w /var/log/tallylog -p wa -k logins</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl tallylog</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_tallylog_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/tallylog -p wa -k logins</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-detail-id34371"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - chagexccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage mediumCCE-85587-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chage</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_chage:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85587-4">CCE-85587-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030120</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234911r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chage</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chage_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chage</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chage_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn" id="rule-detail-id34372"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - chfnxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn mediumCCE-85589-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chfn</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_chfn:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85589-0">CCE-85589-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030340</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234933r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
>mission needs of the organization, it would be difficult to establish,
>correlate, and investigate the events relating to an incident or identify
>those responsible for one.
>
>Audit records can be generated from various components within the
>information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chfn</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chfn_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chfn</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chfn_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-detail-id34373"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - chshxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh mediumCCE-85586-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_chsh:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85586-6">CCE-85586-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030100</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234909r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chsh</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chsh_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chsh</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chsh_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-detail-id34374"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - crontabxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab mediumCCE-85588-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_crontab:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85588-2">CCE-85588-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030130</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234912r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules crontab</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_crontab_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl crontab</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_crontab_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-detail-id34375"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd mediumCCE-85584-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_gpasswd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85584-1">CCE-85584-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030080</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234907r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules gpasswd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_gpasswd_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl gpasswd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_gpasswd_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod" id="rule-detail-id34376"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - insmodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod mediumCCE-85744-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - insmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_insmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85744-1">CCE-85744-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030380</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234937r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-w /sbin/insmod -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules insmod</span>Â 
>        <span class="label label-default">oval:ssg-test_insmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /sbin/insmod -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl insmod</span>Â 
>        <span class="label label-default">oval:ssg-test_insmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /sbin/insmod -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod" id="rule-detail-id34377"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - kmodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod mediumCCE-85591-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - kmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_kmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85591-6">CCE-85591-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030410</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234940r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-w /usr/bin/kmod -p x -k modules</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-w /usr/bin/kmod -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
>mission needs of the organization, it would be difficult to establish,
>correlate, and investigate the events relating to an incident or identify
>those responsible for one.
>
>Audit records can be generated from various components within the
>information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules kmod</span>Â 
>        <span class="label label-default">oval:ssg-test_kmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /usr/bin/kmod -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl kmod</span>Â 
>        <span class="label label-default">oval:ssg-test_kmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /usr/bin/kmod -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe" id="rule-detail-id34378"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - modprobexccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe mediumCCE-85731-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - modprobe</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_modprobe:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85731-8">CCE-85731-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030400</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234939r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-w /sbin/modprobe -p x -k modules</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-w /sbin/modprobe -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules modprobe</span>Â 
>        <span class="label label-default">oval:ssg-test_modprobe_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /sbin/modprobe -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl modprobe</span>Â 
>        <span class="label label-default">oval:ssg-test_modprobe_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /sbin/modprobe -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-detail-id34379"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - newgrpxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp mediumCCE-85585-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_newgrp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85585-8">CCE-85585-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030090</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234908r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules newgrp</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_newgrp_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl newgrp</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_newgrp_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check" id="rule-detail-id34380"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_checkxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check mediumCCE-85601-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_pam_timestamp_check:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85601-3">CCE-85601-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030510</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234950r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/sbin/pam_timestamp_check
>-F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/sbin/pam_timestamp_check
>-F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules pam_timestamp_check</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_pam_timestamp_check_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl pam_timestamp_check</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_pam_timestamp_check_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass" id="rule-detail-id34381"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - passmassxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass mediumCCE-85599-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - passmass</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_passmass:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85599-9">CCE-85599-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030490</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234948r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules passmass</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passmass_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl passmass</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passmass_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-detail-id34382"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - passwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd mediumCCE-85583-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_passwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85583-3">CCE-85583-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030070</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234906r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules passwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passwd_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl passwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passwd_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod" id="rule-detail-id34383"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - rmmodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod mediumCCE-85732-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - rmmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_rmmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85732-6">CCE-85732-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030390</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234938r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-w /sbin/rmmod -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules rmmod</span>Â 
>        <span class="label label-default">oval:ssg-test_rmmod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /sbin/rmmod -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl rmmod</span>Â 
>        <span class="label label-default">oval:ssg-test_rmmod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /sbin/rmmod -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent" id="rule-detail-id34384"><div class="keywords sr-only">Record Any Attempts to Run ssh-agentxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent mediumCCE-85590-8 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run ssh-agent</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_ssh_agent:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85590-8">CCE-85590-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030370</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234936r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
>of the <code>ssh-agent</code> command for all users and root. If the <code>auditd</code>
>daemon is configured to use the <code>augenrules</code> program to read audit rules
>during daemon startup (the default), add the following lines to a file with suffix
><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -k privileged-ssh-agent</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -k privileged-ssh-agent</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
>mission needs of the organization, it would be difficult to establish,
>correlate, and investigate the events relating to an incident or identify
>those responsible for one.
>
>Audit records can be generated from various components within the
>information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules ssh_agent</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_agent_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl ssh_agent</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_agent_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-detail-id34385"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysignxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign mediumCCE-85582-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_ssh_keysign:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85582-5">CCE-85582-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030060</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234905r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules ssh_keysign</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_keysign_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl ssh_keysign</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_keysign_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-detail-id34386"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - suxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su mediumCCE-85602-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - su</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_su:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85602-1">CCE-85602-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-0003</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030550</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234954r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules su</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_su_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl su</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_su_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" id="rule-detail-id34387"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - sudoxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo mediumCCE-85603-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_sudo:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85603-9">CCE-85603-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030560</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234955r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudo</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudo_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudo</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudo_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" id="rule-detail-id34388"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - sudoeditxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit mediumCCE-85717-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_sudoedit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85717-7">CCE-85717-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030330</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234932r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudoedit</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudoedit_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudoedit</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudoedit_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd" id="rule-detail-id34389"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd mediumCCE-85762-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_unix2_chkpwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85762-3">CCE-85762-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030110</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234910r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules unix2_chkpwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix2_chkpwd_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl unix2_chkpwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix2_chkpwd_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-detail-id34390"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd mediumCCE-85727-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_unix_chkpwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85727-6">CCE-85727-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030110</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234910r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules unix_chkpwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix_chkpwd_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl unix_chkpwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix_chkpwd_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod" id="rule-detail-id34391"><div class="keywords sr-only">Ensure auditd Collects Information on the Use of Privileged Commands - usermodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod mediumCCE-85600-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - usermod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_usermod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85600-5">CCE-85600-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030500</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234949r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
>privileged commands for all users and root. If the <code>auditd</code> daemon is
>configured to use the <code>augenrules</code> program to read audit rules during
>daemon startup (the default), add a line of the following form to a file with
>suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add a line of the following
>form to <code>/etc/audit/audit.rules</code>:
><pre>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have compromised system accounts,
>is a serious and ongoing concern and can have significant adverse impacts on organizations.
>Auditing the use of privileged functions is one way to detect such misuse and identify
>the risk from insider and advanced persistent threats.
><br><br>
>Privileged programs are subject to escalation-of-privilege attacks,
>which attempt to subvert their normal role of providing some necessary but
>limited capability. As such, motivation exists to monitor these programs for
>unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules usermod</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_usermod_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged
></td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl usermod</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_usermod_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex" id="rule-detail-id34392"><div class="keywords sr-only">Record attempts to alter time through adjtimexxccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex mediumCCE-85814-2 </div><div class="panel-heading"><h3 class="panel-title">Record attempts to alter time through adjtimex</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_adjtimex:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85814-2">CCE-85814-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules</pre>
>The -k option allows for the specification of a key in string form that can be
>used for better reporting capability through ausearch and aureport. Multiple
>system calls can be defined on the same line to save space if desired, but is
>not required. See an example of multiple combined syscalls:
><pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
>nefarious activities in log files, as well as to confuse network services that
>are highly dependent upon an accurate system time (such as sshd). All changes
>to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit adjtimex</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_adjtimex_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit adjtimex</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_art_adjtimex_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit adjtimex</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_adjtimex_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit adjtimex</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_art_adjtimex_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="rule-detail-id34393"><div class="keywords sr-only">Record Attempts to Alter Time Through clock_settimexccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime mediumCCE-85816-7 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Time Through clock_settime</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_clock_settime:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85816-7">CCE-85816-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</pre>
>The -k option allows for the specification of a key in string form that can
>be used for better reporting capability through ausearch and aureport.
>Multiple system calls can be defined on the same line to save space if
>desired, but is not required. See an example of multiple combined syscalls:
><pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
>nefarious activities in log files, as well as to confuse network services that
>are highly dependent upon an accurate system time (such as sshd). All changes
>to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit clock_settime</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_clock_settime_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/time-change.rules</td><td>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit clock_settime</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_art_clock_settime_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/time-change.rules</td><td>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change
></td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit clock_settime</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_clock_settime_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit clock_settime</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_art_clock_settime_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="rule-detail-id34394"><div class="keywords sr-only">Record attempts to alter time through settimeofdayxccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday mediumCCE-85813-4 </div><div class="panel-heading"><h3 class="panel-title">Record attempts to alter time through settimeofday</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_settimeofday:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85813-4">CCE-85813-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>:
><pre>-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules</pre>
>If the system is 64 bit then also add the following line:
><pre>-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules</pre>
>The -k option allows for the specification of a key in string form that can be
>used for better reporting capability through ausearch and aureport. Multiple
>system calls can be defined on the same line to save space if desired, but is
>not required. See an example of multiple combined syscalls:
><pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
>nefarious activities in log files, as well as to confuse network services that
>are highly dependent upon an accurate system time (such as sshd). All changes
>to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit settimeofday</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_settimeofday_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit settimeofday</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_art_settimeofday_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit settimeofday</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_settimeofday_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit settimeofday</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_art_settimeofday_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_stime" id="rule-detail-id34395"><div class="keywords sr-only">Record Attempts to Alter Time Through stimexccdf_org.ssgproject.content_rule_audit_rules_time_stime mediumCCE-85815-9 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Time Through stime</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_stime</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_stime:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85815-9">CCE-85815-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> for both 32 bit and 64 bit systems:
><pre>-a always,exit -F arch=b32 -S stime -F key=audit_time_rules</pre>
>Since the 64 bit version of the "stime" system call is not defined in the audit
>lookup table, the corresponding "-F arch=b64" form of this rule is not expected
>to be defined on 64 bit systems (the aforementioned "-F arch=b32" stime rule
>form itself is sufficient for both 32 bit and 64 bit systems). If the
><code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to
>read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file for both 32 bit and 64 bit systems:
><pre>-a always,exit -F arch=b32 -S stime -F key=audit_time_rules</pre>
>Since the 64 bit version of the "stime" system call is not defined in the audit
>lookup table, the corresponding "-F arch=b64" form of this rule is not expected
>to be defined on 64 bit systems (the aforementioned "-F arch=b32" stime rule
>form itself is sufficient for both 32 bit and 64 bit systems). The -k option
>allows for the specification of a key in string form that can be used for
>better reporting capability through ausearch and aureport. Multiple system
>calls can be defined on the same line to save space if desired, but is not
>required. See an example of multiple combined system calls:
><pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
>nefarious activities in log files, as well as to confuse network services that
>are highly dependent upon an accurate system time (such as sshd). All changes
>to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">32 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit stime</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_stime_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit stime</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_art_stime_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime" id="rule-detail-id34396"><div class="keywords sr-only">Record Attempts to Alter the localtime Filexccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime mediumCCE-85812-6 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter the localtime File</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_watch_localtime:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85812-6">CCE-85812-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the default),
>add the following line to a file with suffix <code>.rules</code> in the directory
><code>/etc/audit/rules.d</code>:
><pre>-w /etc/localtime -p wa -k audit_time_rules</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-w /etc/localtime -p wa -k audit_time_rules</pre>
>The -k option allows for the specification of a key in string form that can
>be used for better reporting capability through ausearch and aureport and
>should always be used.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
>nefarious activities in log files, as well as to confuse network services that
>are highly dependent upon an accurate system time (such as sshd). All changes
>to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/localtime watch augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_artw_etc_localtime_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-w /etc/localtime -p wa -k audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/localtime watch auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_artw_etc_localtime_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/localtime -p wa -k audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing" id="rule-detail-id34397"><div class="keywords sr-only">Remove Default Configuration to Disable Syscall Auditingxccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing mediumCCE-85706-0 </div><div class="panel-heading"><h3 class="panel-title">Remove Default Configuration to Disable Syscall Auditing</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_enable_syscall_auditing:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85706-0">CCE-85706-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030820</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234981r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, SUSE Linux Enterprise 15 ships an audit rule to disable syscall
>auditing for performance reasons.
>
>To make sure that syscall auditing works, this line must be removed from
><code>/etc/audit/rules.d/audit.rules</code> and <code>/etc/audit/audit.rules</code>:
>
><pre>-a task,never</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Audit rules for syscalls do not take effect unless this line is removed.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">check that no audit rule exists in /etc/audit/rules.d/*.rules that disables all syscall auditing</span>Â 
>        <span class="label label-default">oval:ssg-test_enable_syscall_audit_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_enable_syscall_audit_augenrules:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^/etc/audit/rules\.d/.*\.rules$</td><td>^[\s]*-a[\s]+task,never[\s]*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">check that no audit rule exists in /etc/audit/audit.rules that disables all syscall auditing</span>Â 
>        <span class="label label-default">oval:ssg-test_enable_syscall_audit_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_enable_syscall_audit_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>^[\s]*-a[\s]+task,never[\s]*$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-detail-id34398"><div class="keywords sr-only">Make the auditd Configuration Immutablexccdf_org.ssgproject.content_rule_audit_rules_immutable mediumCCE-85831-6 </div><div class="panel-heading"><h3 class="panel-title">Make the auditd Configuration Immutable</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_immutable</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_immutable:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85831-6">CCE-85831-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.3</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000162</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000163</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000164</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000057-GPOS-00027</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000058-GPOS-00028</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000059-GPOS-00029</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.17</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to make the auditd configuration
>immutable:
><pre>-e 2</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file in order to make the auditd configuration
>immutable:
><pre>-e 2</pre>
>With this setting, a reboot will be required to change any audit rules.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Making the audit configuration immutable prevents accidental as
>well as malicious modification of the audit rules, although it may be
>problematic if legitimate changes are needed during system
>operation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules configuration locked</span>Â 
>        <span class="label label-default">oval:ssg-test_ari_locked_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/immutable.rules</td><td>-e 2
></td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl configuration locked</span>Â 
>        <span class="label label-default">oval:ssg-test_ari_locked_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-e 2
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-detail-id34399"><div class="keywords sr-only">Record Events that Modify the System's Mandatory Access Controlsxccdf_org.ssgproject.content_rule_audit_rules_mac_modification mediumCCE-85830-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Mandatory Access Controls</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_mac_modification</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_mac_modification:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85830-8">CCE-85830-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.6</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following line to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>:
><pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-w /etc/selinux/ -p wa -k MAC-policy</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The system's mandatory access policy (SELinux) should not be
>arbitrarily changed by anything other than administrator action. All changes to
>MAC policy should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit selinux changes augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_armm_selinux_watch_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/MAC-policy.rules</td><td>-w /etc/selinux/ -p wa -k MAC-policy</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit selinux changes auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_armm_selinux_watch_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/selinux/ -p wa -k MAC-policy</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_media_export" id="rule-detail-id34400"><div class="keywords sr-only">Ensure auditd Collects Information on Exporting to Media (successful)xccdf_org.ssgproject.content_rule_audit_rules_media_export mediumCCE-85718-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Exporting to Media (successful)</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_media_export</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_media_export:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85718-5">CCE-85718-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030350</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.12</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234934r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect media exportation
>events for all users and root. If the <code>auditd</code> daemon is configured to
>use the <code>augenrules</code> program to read audit rules during daemon startup
>(the default), add the following line to a file with suffix <code>.rules</code> in
>the directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S mount -F auid&gt;=1000 -F auid!=unset -F key=export</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S mount -F auid&gt;=1000 -F auid!=unset -F key=export</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The unauthorized exportation of data to external media could result in an information leak
>where classified information, Privacy Act information, and intellectual property could be lost. An audit
>trail should be created each time a filesystem is mounted to help identify and guard against information
>loss.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit mount</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_mount_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit mount</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_mount_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit mount</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_mount_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit mount</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_mount_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification" id="rule-detail-id34401"><div class="keywords sr-only">Record Events that Modify the System's Network Environmentxccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification mediumCCE-85828-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Network Environment</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_networkconfig_modification:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85828-2">CCE-85828-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification
>-w /etc/issue -p wa -k audit_rules_networkconfig_modification
>-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
>-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
>-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
>appropriate for your system:
><pre>-a always,exit -F arch=ARCH -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification
>-w /etc/issue -p wa -k audit_rules_networkconfig_modification
>-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
>-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
>-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The network environment should not be modified by anything other
>than administrator action. Any change to network parameters should be
>audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_issue_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/issue -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue.net augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_issue_net_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/hosts augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_hosts_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/hosts -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/sysconfig/network augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_sysconfig_network_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_issue_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/issue -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue.net auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_issue_net_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/hosts auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_hosts_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/hosts -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/sysconfig/network auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_arnm_etc_sysconfig_network_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit sethostname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
>                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
>        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit setdomainname</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-detail-id34402"><div class="keywords sr-only">Record Attempts to Alter Process and Session Initiation Informationxccdf_org.ssgproject.content_rule_audit_rules_session_events mediumCCE-85829-0 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85829-0">CCE-85829-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0582</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0584</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">05885</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0586</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0846</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0957</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.8</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
>users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre>-w /var/run/utmp -p wa -k session
>-w /var/log/btmp -p wa -k session
>-w /var/log/wtmp -p wa -k session</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre>-w /var/run/utmp -p wa -k session
>-w /var/log/btmp -p wa -k session
>-w /var/log/wtmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
>as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules utmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arse_utmp_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/run/utmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules btmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arse_btmp_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules wtmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arse_wtmp_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl utmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arse_utmp_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/run/utmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl btmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arse_btmp_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl wtmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arse_wtmp_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp" id="rule-detail-id34403"><div class="keywords sr-only">Record Attempts to Alter Process and Session Initiation Information btmpxccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp mediumCCE-85758-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information btmp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events_btmp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85758-1">CCE-85758-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030780</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234977r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
>users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre>-w /var/log/btmp -p wa -k session</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre>-w /var/log/btmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
>as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules btmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_btmp_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl btmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_btmp_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp" id="rule-detail-id34404"><div class="keywords sr-only">Record Attempts to Alter Process and Session Initiation Information utmpxccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp mediumCCE-85714-4 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information utmp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events_utmp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85714-4">CCE-85714-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030760</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234975r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
>users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre>-w /run/utmp -p wa -k session</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre>-w /run/utmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
>as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules utmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_utmp_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /run/utmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl utmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_utmp_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /run/utmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp" id="rule-detail-id34405"><div class="keywords sr-only">Record Attempts to Alter Process and Session Initiation Information wtmpxccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp mediumCCE-85757-3 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information wtmp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events_wtmp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85757-3">CCE-85757-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030770</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234976r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
>users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre> -w /var/log/wtmp -p wa -k session</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
>edits of files involved in storing such process information:
><pre> -w /var/log/wtmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
>as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules wtmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_wtmp_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl wtmp</span>Â 
>        <span class="label label-default">oval:ssg-test_arle_wtmp_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function" id="rule-detail-id34406"><div class="keywords sr-only">Record Events When Privileged Executables Are Runxccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function mediumCCE-85611-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events When Privileged Executables Are Run</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_suid_privilege_function:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85611-2">CCE-85611-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002233</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002234</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000326-GPOS-00126</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000327-GPOS-00127</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000343-CTR-000780</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000381-CTR-000905</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030640</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234963r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Verify the system generates an audit record when privileged functions are executed.
>
>If audit is using the "auditctl" tool to load the rules, run the following command:
>
><pre>$ sudo grep execve /etc/audit/audit.rules</pre>
>
>If audit is using the "augenrules" tool to load the rules, run the following command:
>
><pre>$ sudo grep -r execve /etc/audit/rules.d</pre>
>
>
><pre>-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid</pre>
><pre>-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid</pre>
><pre>-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid</pre>
><pre>-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid</pre>
>
>
>If both the "b32" and "b64" audit rules for "SUID" files are not defined, this is a finding.
>If both the "b32" and "b64" audit rules for "SGID" files are not defined, this is a finding.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
>authorized users, or by unauthorized external entities that have
>compromised information system accounts, is a serious and ongoing concern
>and can have significant adverse impacts on organizations. Auditing the use
>of privileged functions is one way to detect such misuse and identify the
>risk from insider threats and the advanced persistent threat.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Note that these rules can be configured in a
>number of ways while still achieving the desired effect.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit uid privileged function</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_uid_privileged_function_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setuid.rules</td><td>-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -F key=setuid</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit uid privileged function</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_uid_privileged_function_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setuid.rules</td><td>-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -F key=setuid
></td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit gid privileged function</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_gid_privileged_function_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setgid.rules</td><td>-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -F key=setgid</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit gid privileged function</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_gid_privileged_function_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setgid.rules</td><td>-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -F key=setgid
></td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit uid privileged function</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_uid_privileged_function_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -F key=setuid</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit uid privileged_function</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_uid_privileged_function_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -F key=setuid</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit gid privileged function</span>Â 
>        <span class="label label-default">oval:ssg-test_32bit_gid_privileged_function_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -F key=setgid</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit gid privileged_function</span>Â 
>        <span class="label label-default">oval:ssg-test_64bit_gid_privileged_function_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -F key=setgid</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-detail-id34407"><div class="keywords sr-only">Ensure auditd Collects System Administrator Actionsxccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions mediumCCE-85679-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects System Administrator Actions</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_sysadmin_actions:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85679-9">CCE-85679-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000026-CTR-000070</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000027-CTR-000075</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000028-CTR-000080</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000291-CTR-000675</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000292-CTR-000680</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000293-CTR-000685</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000294-CTR-000690</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000319-CTR-000745</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000320-CTR-000750</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000509-CTR-001305</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030140</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.14</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234913r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect administrator actions
>for all users and root. If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the default),
>add the following line to a file with suffix <code>.rules</code> in the directory
><code>/etc/audit/rules.d</code>:
><pre>-w /etc/sudoers -p wa -k actions
>-w /etc/sudoers.d/ -p wa -k actions</pre>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following line to
><code>/etc/audit/audit.rules</code> file:
><pre>-w /etc/sudoers -p wa -k actions
>-w /etc/sudoers.d/ -p wa -k actions</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The actions taken by system administrators should be audited to keep a record
>of what was executed on the system, as well as, for accountability purposes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudoers</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/actions.rules</td><td>-w /etc/sudoers -p wa -k actions</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudoers</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_d_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/actions.rules</td><td>-w /etc/sudoers.d/ -p wa -k actions</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudoers</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/sudoers -p wa -k actions</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudoers</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_d_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/sudoers.d/ -p wa -k actions</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-detail-id34408"><div class="keywords sr-only">Record Events that Modify User/Group Information - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group mediumCCE-85578-3 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_group:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85578-3">CCE-85578-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030010</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234900r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
>will alert the system administrator(s) to any modifications. Any unexpected
>users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules group</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_group_augen:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/group -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit group</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_group_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/group -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-detail-id34409"><div class="keywords sr-only">Record Events that Modify User/Group Information - /etc/gshadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow mediumCCE-85580-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/gshadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_gshadow:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85580-9">CCE-85580-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030040</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234903r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
>will alert the system administrator(s) to any modifications. Any unexpected
>users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules gshadow</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_gshadow_augen:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit gshadow</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_gshadow_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-detail-id34410"><div class="keywords sr-only">Record Events that Modify User/Group Information - /etc/security/opasswdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd mediumCCE-85728-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/security/opasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_opasswd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85728-4">CCE-85728-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4).1(i&amp;ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030030</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234902r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
>will alert the system administrator(s) to any modifications. Any unexpected
>users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules opasswd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_opasswd_augen:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit opasswd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_opasswd_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-detail-id34411"><div class="keywords sr-only">Record Events that Modify User/Group Information - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd mediumCCE-85577-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_passwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85577-5">CCE-85577-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000274-GPOS-00104</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000275-GPOS-00105</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000276-GPOS-00106</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000277-GPOS-00107</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030000</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234899r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
>will alert the system administrator(s) to any modifications. Any unexpected
>users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules passwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_passwd_augen:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit passwd</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_passwd_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-detail-id34412"><div class="keywords sr-only">Record Events that Modify User/Group Information - /etc/shadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow mediumCCE-85579-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/shadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_shadow:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85579-1">CCE-85579-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030020</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234901r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
><code>augenrules</code> program to read audit rules during daemon startup (the
>default), add the following lines to a file with suffix <code>.rules</code> in the
>directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre>
><br><br>
>If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
>utility to read audit rules during daemon startup, add the following lines to
><code>/etc/audit/audit.rules</code> file, in order to capture events that modify
>account changes:
><br><br>
><pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
>will alert the system administrator(s) to any modifications. Any unexpected
>users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules shadow</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_shadow_augen:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit shadow</span>Â 
>        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_shadow_auditctl:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-detail-id34413"><div class="keywords sr-only">Encrypt Audit Records Sent With audispd Pluginxccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records mediumCCE-85614-6 </div><div class="panel-heading"><h3 class="panel-title">Encrypt Audit Records Sent With audispd Plugin</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_audispd_encrypt_sent_records:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85614-6">CCE-85614-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030680</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234967r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure the operating system to encrypt the transfer of off-loaded audit
>records onto a different system or media from the system being audited.
>
>Uncomment the <code>enable_krb5</code> option in <pre>/etc/audit/audisp-remote.conf</pre>,
>and set it with the following line:
><pre>enable_krb5 = yes</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Information stored in one location is vulnerable to accidental or incidental deletion
>or alteration. Off-loading is a common process in information systems with limited
>audit storage capacity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">setting in audisp-remote.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_auditd_audispd_encrypt_sent_records:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audisp-remote.conf</td><td>enable_krb5 = yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action" id="rule-detail-id34414"><div class="keywords sr-only">Configure auditd Disk Full Action when Disk Space Is Fullxccdf_org.ssgproject.content_rule_auditd_data_disk_full_action mediumCCE-85606-2 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd Disk Full Action when Disk Space Is Full</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_disk_full_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85606-2">CCE-85606-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000140</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000047-GPOS-00023</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030590</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234958r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
>when disk space is running low but prior to running out of space completely.
>Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line,
>substituting <i>ACTION</i> appropriately:
><pre>disk_full_action = <i>ACTION</i></pre>
>Set this value to <code>single</code> to cause the system to switch to single-user
>mode for corrective action. Acceptable values also include <code>syslog</code>,
>
><code>single</code>, and <code>halt</code>. For certain systems, the need for availability
>outweighs the need to log all actions, and a different setting should be
>determined. Details regarding all possible values for <i>ACTION</i> are described in the
><code>auditd.conf</code> man page.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Taking appropriate action in case of a filled audit storage volume will minimize
>the possibility of losing audit records.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">disk error action</span>Â 
>        <span class="label label-default">oval:ssg-test_auditd_data_disk_full_action:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>disk_full_action = syslog</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action" id="rule-detail-id34415"><div class="keywords sr-only">Configure auditd admin_space_left Action on Low Disk Spacexccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action mediumCCE-85824-1 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd admin_space_left Action on Low Disk Space</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_admin_space_left_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85824-1">CCE-85824-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000140</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001343</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001855</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000343-GPOS-00134</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
>when disk space is running low but prior to running out of space completely.
>Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line,
>substituting <i>ACTION</i> appropriately:
><pre>admin_space_left_action = <i>ACTION</i></pre>
>Set this value to <code>single</code> to cause the system to switch to single user
>mode for corrective action. Acceptable values also include <code>suspend</code> and
><code>halt</code>. For certain systems, the need for availability
>outweighs the need to log all actions, and a different setting should be
>determined. Details regarding all possible values for <i>ACTION</i> are described in the
><code>auditd.conf</code> man page.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Administrators should be made aware of an inability to record
>audit records. If a separate partition or logical volume of adequate size
>is used, running low on space for audit records should never occur.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">space left action</span>Â 
>        <span class="label label-default">oval:ssg-test_auditd_data_retention_admin_space_left_action:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>admin_space_left_action = halt</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action" id="rule-detail-id34416"><div class="keywords sr-only">Configure auditd max_log_file_action Upon Reaching Maximum Log Sizexccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action mediumCCE-85778-9 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd max_log_file_action Upon Reaching Maximum Log Size</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_max_log_file_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85778-9">CCE-85778-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000140</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000047-GPOS-00023</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.2.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The default action to take when the logs reach their maximum size
>is to rotate the log files, discarding the oldest one. To configure the action taken
>by <code>auditd</code>, add or correct the line in <code>/etc/audit/auditd.conf</code>:
><pre>max_log_file_action = <i>ACTION</i></pre>
>Possible values for <i>ACTION</i> are described in the <code>auditd.conf</code> man
>page. These include:
><ul><li><code>ignore</code></li><li><code>syslog</code></li><li><code>suspend</code></li><li><code>rotate</code></li><li><code>keep_logs</code></li></ul>
>Set the <code><i>ACTION</i></code> to <code>rotate</code> to ensure log rotation
>occurs. This is the default. The setting is case-insensitive.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Automatically rotating logs (by setting this to <code>rotate</code>)
>minimizes the chances of the system unexpectedly running out of disk space by
>being overwhelmed with log data. However, for systems that must never discard
>log data, or which use external processes to transfer it and reclaim space,
><code>keep_logs</code> can be employed.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">admin space left action </span>Â 
>        <span class="label label-default">oval:ssg-test_auditd_data_retention_max_log_file_action:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>max_log_file_action = keep_logs</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left" id="rule-detail-id34417"><div class="keywords sr-only">Configure auditd space_left on Low Disk Spacexccdf_org.ssgproject.content_rule_auditd_data_retention_space_left mediumCCE-85616-1 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd space_left on Low Disk Space</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_space_left:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85616-1">CCE-85616-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001855</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000343-GPOS-00134</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030700</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234969r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
>when disk space is running low but prior to running out of space completely.
>Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line,
>substituting <i>SIZE_in_MB</i> appropriately:
><pre>space_left = <i>SIZE_in_MB</i></pre>
>Set this value to the appropriate size in Megabytes cause the system to
>notify the user of an issue.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Notifying administrators of an impending disk space problem may allow them to
>take corrective action prior to any disruption.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">admin space left action </span>Â 
>        <span class="label label-default">oval:ssg-test_auditd_data_retention_space_left:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>space_left = 100</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action" id="rule-detail-id34418"><div class="keywords sr-only">Configure auditd space_left Action on Low Disk Spacexccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action mediumCCE-85823-3 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd space_left Action on Low Disk Space</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_space_left_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85823-3">CCE-85823-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001855</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000343-GPOS-00134</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
>when disk space <i>starts</i> to run low.
>Edit the file <code>/etc/audit/auditd.conf</code>. Modify the following line,
>substituting <i>ACTION</i> appropriately:
><pre>space_left_action = <i>ACTION</i></pre>
>Possible values for <i>ACTION</i> are described in the <code>auditd.conf</code> man page.
>These include:
><ul><li><code>syslog</code></li><li><code>email</code></li><li><code>exec</code></li><li><code>suspend</code></li><li><code>single</code></li><li><code>halt</code></li></ul>
>Set this to <code>email</code> (instead of the default,
>which is <code>suspend</code>) as it is more likely to get prompt attention. Acceptable values
>also include <code>suspend</code>, <code>single</code>, and <code>halt</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Notifying administrators of an impending disk space problem may
>allow them to take corrective action prior to any disruption.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">space left action</span>Â 
>        <span class="label label-default">oval:ssg-test_auditd_data_retention_space_left_action:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>space_left_action = email</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_journald_compress" id="rule-detail-id34419"><div class="keywords sr-only">Ensure journald is configured to compress large log filesxccdf_org.ssgproject.content_rule_journald_compress mediumCCE-91377-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure journald is configured to compress large log files</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_journald_compress</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-journald_compress:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91377-2">CCE-91377-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.2.2.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The journald system can compress large log files to avoid fill the system disk.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Log files that are not properly compressed run the risk of growing so large that they fill up the log partition. Valuable logging information could be lost if the log partition becomes full.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">tests the value of Compress setting in the /etc/systemd/journald.conf file</span>Â 
>        <span class="label label-default">oval:ssg-test_journald_compress:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/systemd/journald.conf</td><td>Compress=yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_journald_storage" id="rule-detail-id34420"><div class="keywords sr-only">Ensure journald is configured to write log files to persistent diskxccdf_org.ssgproject.content_rule_journald_storage mediumCCE-91378-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure journald is configured to write log files to persistent disk</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_journald_storage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-journald_storage:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91378-0">CCE-91378-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.2.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description">The journald system may store log files in volatile memory or locally on disk.
>If the logs are only stored in volatile memory they will we lost upon reboot.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Log files contain valuable data and need to be persistent to aid in possible investigations.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">tests the value of Storage setting in the /etc/systemd/journald.conf file</span>Â 
>        <span class="label label-default">oval:ssg-test_journald_storage:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/systemd/journald.conf</td><td>Storage=persistent</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled" id="rule-detail-id34421"><div class="keywords sr-only">Disable DCCP Supportxccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled mediumCCE-91241-0 </div><div class="panel-heading"><h3 class="panel-title">Disable DCCP Support</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_dccp_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91241-0">CCE-91241-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-1.4.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">1.4.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000096-GPOS-00050</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.4.1</a></p></td></tr><tr><td>Description</td><td><div class="description">The Datagram Congestion Control Protocol (DCCP) is a
>relatively new transport layer protocol, designed to support
>streaming media and telephony.
>
>To configure the system to prevent the <code>dccp</code>
>kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/dccp.conf</code>:
><pre>install dccp /bin/true</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disabling DCCP protects
>the system against exploitation of any flaws in its implementation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module dccp blacklisted</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_dccp_blacklisted:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/dccp.conf</td><td>blacklist dccp</td></tr></tbody></table><h4><span class="label label-primary">kernel module dccp disabled</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_dccp_disabled:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/dccp.conf</td><td>install dccp /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module dccp disabled in /etc/modprobe.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_dccp_modprobeconf:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of dccp">oval:ssg-obj_kernmod_dccp_modprobeconf:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+dccp\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" id="rule-detail-id34422"><div class="keywords sr-only">Disable SCTP Supportxccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled mediumCCE-91242-8 </div><div class="panel-heading"><h3 class="panel-title">Disable SCTP Support</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_sctp_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91242-8">CCE-91242-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000381</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-1.4.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">1.4.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000095-GPOS-00049</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.4.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The Stream Control Transmission Protocol (SCTP) is a
>transport layer protocol, designed to support the idea of
>message-oriented communication, with several streams of messages
>within one connection.
>
>To configure the system to prevent the <code>sctp</code>
>kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/sctp.conf</code>:
><pre>install sctp /bin/true</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disabling SCTP protects
>the system against exploitation of any flaws in its implementation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module sctp blacklisted</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_sctp_blacklisted:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/sctp.conf</td><td>blacklist sctp</td></tr></tbody></table><h4><span class="label label-primary">kernel module sctp disabled</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_sctp_disabled:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/sctp.conf</td><td>install sctp /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module sctp disabled in /etc/modprobe.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_sctp_modprobeconf:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of sctp">oval:ssg-obj_kernmod_sctp_modprobeconf:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+sctp\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_etc_security_opasswd" id="rule-detail-id34423"><div class="keywords sr-only">Verify Permissions and Ownership of Old Passwords Filexccdf_org.ssgproject.content_rule_file_etc_security_opasswd mediumCCE-85572-6 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions and Ownership of Old Passwords File</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_etc_security_opasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_etc_security_opasswd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85572-6">CCE-85572-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000200</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000077-GPOS-00045</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020240</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234893r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"> To properly set the owner of <code>/etc/security/opasswd</code>, run the command: <pre>$ sudo chown root /etc/security/opasswd </pre>
>To properly set the group owner of <code>/etc/security/opasswd</code>, run the command: <pre>$ sudo chgrp root /etc/security/opasswd</pre>
>To properly set the permissions of <code>/etc/security/opasswd</code>, run the command: <pre>$ sudo chmod 0600 /etc/security/opasswd</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The <code>/etc/security/opasswd</code> file stores old passwords to prevent
>password reuse. Protection of this file is critical for system security.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">/etc/security/opasswd is owned by root:root / 0600</span>Â 
>        <span class="label label-default">oval:ssg-test_file_etc_security_opasswd:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td>/etc/security/opasswd</td><td>regular</td><td>0</td><td>0</td><td>239</td><td><code>rw-------Â </code></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" id="rule-detail-id34424"><div class="keywords sr-only">Verify Permissions on shadow Filexccdf_org.ssgproject.content_rule_file_permissions_etc_shadow mediumCCE-85804-3 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on shadow File</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_etc_shadow:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85804-3">CCE-85804-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R36)</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002223</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.7.c</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">7.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">6.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the permissions of <code>/etc/shadow</code>, run the command:
><pre>$ sudo chmod 0640 /etc/shadow</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The <code>/etc/shadow</code> file contains the list of local
>system accounts and stores password hashes. Protection of this file is
>critical for system security. Failure to give ownership of this file
>to root provides the designated owner with access to sensitive information
>which could weaken the system security posture.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/shadow</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_etc_shadow_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/shadow">oval:ssg-object_file_permissions_etc_shadow_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>oval:ssg-exclude_symlinks__etc_shadow:ste:1</td><td>oval:ssg-state_file_permissions_etc_shadow_0_mode_0640or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs" id="rule-detail-id34425"><div class="keywords sr-only">Verify that system commands files are group owned by root or a system accountxccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs mediumCCE-85742-5 </div><div class="panel-heading"><h3 class="panel-title">Verify that system commands files are group owned by root or a system account</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_groupownership_system_commands_dirs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85742-5">CCE-85742-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-001499</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(6).1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000259-GPOS-00100</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010361</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234844r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">System commands files are stored in the following directories by default:
><pre>/bin
>/sbin
>/usr/bin
>/usr/sbin
>/usr/local/bin
>/usr/local/sbin
></pre>
>All files in these directories should be owned by the <code>root</code> group,
>or a system account.
>If the directory, or any file in these directories, is found to be owned
>by a group other than root or a a system account correct its ownership
>with the following command:
><pre>$ sudo chgrp root <i>FILE</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">If the operating system allows any user to make changes to software
>libraries, then those changes might be implemented without undergoing the
>appropriate testing and approvals that are part of a robust change management
>process.
>This requirement applies to operating systems with software libraries
>that are accessible and configurable, as in the case of interpreted languages.
>Software libraries also include privileged programs which execute with
>escalated privileges. Only qualified and authorized individuals must be
>allowed to obtain access to information system components for purposes
>of initiating changes, including upgrades and modifications.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">system commands are owned by root or a system account</span>Â 
>        <span class="label label-default">oval:ssg-test_groupownership_system_commands_dirs:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="system commands files">oval:ssg-object_groupownership_system_commands_dirs:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th></tr></thead><tbody><tr><td>^\/s?bin|^\/usr\/s?bin|^\/usr\/local\/s?bin</td><td>^.*$</td><td>oval:ssg-state_groupowner_system_commands_dirs_not_root_or_system_account:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled" id="rule-detail-id34426"><div class="keywords sr-only">Disable Mounting of squashfsxccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled lowCCE-92452-2 </div><div class="panel-heading"><h3 class="panel-title">Disable Mounting of squashfs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_squashfs_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-92452-2">CCE-92452-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.1.1.1</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To configure the system to prevent the <code>squashfs</code>
>kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/squashfs.conf</code>:
><pre>install squashfs /bin/true</pre>
>
>This effectively prevents usage of this uncommon filesystem.
>
>The <code>squashfs</code> filesystem type is a compressed read-only Linux
>filesystem embedded in small footprint systems (similar to
><code>cramfs</code>). A <code>squashfs</code> image can be used without having
>to first decompress the image.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Removing support for unneeded filesystem types reduces the local attack
>surface of the system.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module squashfs blacklisted</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_squashfs_blacklisted:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/squashfs.conf</td><td>blacklist squashfs</td></tr></tbody></table><h4><span class="label label-primary">kernel module squashfs disabled</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_squashfs_disabled:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/squashfs.conf</td><td>install squashfs /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module squashfs disabled in /etc/modprobe.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_squashfs_modprobeconf:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of squashfs">oval:ssg-obj_kernmod_squashfs_modprobeconf:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+squashfs\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled" id="rule-detail-id34427"><div class="keywords sr-only">Disable Mounting of udfxccdf_org.ssgproject.content_rule_kernel_module_udf_disabled lowCCE-92453-0 </div><div class="panel-heading"><h3 class="panel-title">Disable Mounting of udf</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_udf_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-92453-0">CCE-92453-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.1.1.2</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To configure the system to prevent the <code>udf</code>
>kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/udf.conf</code>:
><pre>install udf /bin/true</pre>
>
>This effectively prevents usage of this uncommon filesystem.
>
>The <code>udf</code> filesystem type is the universal disk format
>used to implement the ISO/IEC 13346 and ECMA-167 specifications.
>This is an open vendor filesystem type for data storage on a broad
>range of media. This filesystem type is neccessary to support
>writing DVDs and newer optical disc formats.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Removing support for unneeded filesystem types reduces the local
>attack surface of the system.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module udf blacklisted</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_udf_blacklisted:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/udf.conf</td><td>blacklist udf</td></tr></tbody></table><h4><span class="label label-primary">kernel module udf disabled</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_udf_disabled:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/udf.conf</td><td>install udf /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module udf disabled in /etc/modprobe.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_udf_modprobeconf:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of udf">oval:ssg-obj_kernmod_udf_modprobeconf:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+udf\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled" id="rule-detail-id34428"><div class="keywords sr-only">Disable Modprobe Loading of USB Storage Driverxccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled mediumCCE-83294-9 </div><div class="panel-heading"><h3 class="panel-title">Disable Modprobe Loading of USB Storage Driver</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_usb-storage_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83294-9">CCE-83294-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.21</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010480</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.1.23</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234856r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To prevent USB storage devices from being used, configure the kernel module loading system
>to prevent automatic loading of the USB storage driver.
>
>To configure the system to prevent the <code>usb-storage</code>
>kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/usb-storage.conf</code>:
><pre>install usb-storage /bin/true</pre>
>
>This will prevent the <code>modprobe</code> program from loading the <code>usb-storage</code>
>module, but will not prevent an administrator (or another program) from using the
><code>insmod</code> program to load the module manually.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">USB storage devices such as thumb drives can be used to introduce
>malicious software.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module usb-storage blacklisted</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_usb-storage_blacklisted:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/usb-storage.conf</td><td>blacklist usb-storage</td></tr></tbody></table><h4><span class="label label-primary">kernel module usb-storage disabled</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_usb-storage_disabled:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/usb-storage.conf</td><td>install usb-storage /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module usb-storage disabled in /etc/modprobe.conf</span>Â 
>        <span class="label label-default">oval:ssg-test_kernmod_usb-storage_modprobeconf:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of usb-storage">oval:ssg-obj_kernmod_usb-storage_modprobeconf:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_users_coredumps" id="rule-detail-id34429"><div class="keywords sr-only">Disable Core Dumps for All Usersxccdf_org.ssgproject.content_rule_disable_users_coredumps mediumCCE-85740-9 </div><div class="panel-heading"><h3 class="panel-title">Disable Core Dumps for All Users</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_users_coredumps</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-disable_users_coredumps:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85740-9">CCE-85740-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">3.3.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">3.3.1.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">3.3.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.6.1</a></p></td></tr><tr><td>Description</td><td><div class="description">To disable core dumps for all users, add the following line to
><code>/etc/security/limits.conf</code>, or to a file within the
><code>/etc/security/limits.d/</code> directory:
><pre>*     hard   core    0</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">A core dump includes a memory image taken at the time the operating system
>terminates an application. The memory image could contain sensitive data and is generally useful
>only for developers trying to debug problems.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Tests the value of the ^[\s]*\*[\s]+(hard|-)[\s]+core[\s]+([\d]+) setting in the /etc/security/limits.d directory</span>Â 
>        <span class="label label-default">oval:ssg-test_core_dumps_limits_d:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_core_dumps_limits_d:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/security/limits.d</td><td>^.*\.conf$</td><td>^[\s]*\*[\s]+(?:hard|-)[\s]+core[\s]+([\d]+)</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Tests for existance of the ^[\s]*\*[\s]+(hard|-)[\s]+core setting in the /etc/security/limits.d directory</span>Â 
>        <span class="label label-default">oval:ssg-test_core_dumps_limits_d_exists:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_core_dumps_limits_d_exists:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/security/limits.d</td><td>^.*\.conf$</td><td>^[\s]*\*[\s]+(?:hard|-)[\s]+core</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Tests the value of the ^[\s]*\*[\s]+(hard|-)[\s]+core[\s]+([\d]+) setting in the /etc/security/limits.conf file</span>Â 
>        <span class="label label-default">oval:ssg-test_core_dumps_limitsconf:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/security/limits.conf</td><td>*     hard   core    0</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_d" id="rule-detail-id34430"><div class="keywords sr-only">Verify Permissions on cron.dxccdf_org.ssgproject.content_rule_file_permissions_cron_d mediumCCE-91304-6 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.d</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_d</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_d:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91304-6">CCE-91304-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.7</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the permissions of <code>/etc/cron.d</code>, run the command:
><pre>$ sudo chmod 0700 /etc/cron.d</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
>can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
>correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.d/</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_cron_d_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.d/">oval:ssg-object_file_permissions_cron_d_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.d</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_d:ste:1</td><td>oval:ssg-state_file_permissions_cron_d_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_daily" id="rule-detail-id34431"><div class="keywords sr-only">Verify Permissions on cron.dailyxccdf_org.ssgproject.content_rule_file_permissions_cron_daily mediumCCE-91301-2 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.daily</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_daily</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_daily:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91301-2">CCE-91301-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.4</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the permissions of <code>/etc/cron.daily</code>, run the command:
><pre>$ sudo chmod 0700 /etc/cron.daily</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
>can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
>correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.daily/</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_cron_daily_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.daily/">oval:ssg-object_file_permissions_cron_daily_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.daily</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_daily:ste:1</td><td>oval:ssg-state_file_permissions_cron_daily_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly" id="rule-detail-id34432"><div class="keywords sr-only">Verify Permissions on cron.hourlyxccdf_org.ssgproject.content_rule_file_permissions_cron_hourly mediumCCE-91300-4 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.hourly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_hourly:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91300-4">CCE-91300-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the permissions of <code>/etc/cron.hourly</code>, run the command:
><pre>$ sudo chmod 0700 /etc/cron.hourly</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
>can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
>correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.hourly/</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_cron_hourly_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.hourly/">oval:ssg-object_file_permissions_cron_hourly_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.hourly</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_hourly:ste:1</td><td>oval:ssg-state_file_permissions_cron_hourly_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly" id="rule-detail-id34433"><div class="keywords sr-only">Verify Permissions on cron.monthlyxccdf_org.ssgproject.content_rule_file_permissions_cron_monthly mediumCCE-91303-8 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.monthly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_monthly:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91303-8">CCE-91303-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.6</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the permissions of <code>/etc/cron.monthly</code>, run the command:
><pre>$ sudo chmod 0700 /etc/cron.monthly</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
>can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
>correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.monthly/</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_cron_monthly_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.monthly/">oval:ssg-object_file_permissions_cron_monthly_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.monthly</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_monthly:ste:1</td><td>oval:ssg-state_file_permissions_cron_monthly_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly" id="rule-detail-id34434"><div class="keywords sr-only">Verify Permissions on cron.weeklyxccdf_org.ssgproject.content_rule_file_permissions_cron_weekly mediumCCE-91302-0 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.weekly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_weekly:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91302-0">CCE-91302-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the permissions of <code>/etc/cron.weekly</code>, run the command:
><pre>$ sudo chmod 0700 /etc/cron.weekly</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
>can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
>correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.weekly/</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_cron_weekly_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.weekly/">oval:ssg-object_file_permissions_cron_weekly_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.weekly</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_weekly:ste:1</td><td>oval:ssg-state_file_permissions_cron_weekly_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user" id="rule-detail-id34435"><div class="keywords sr-only">Ensure that chronyd is running under chrony user accountxccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user mediumCCE-91360-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure that chronyd is running under chrony user account</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-chronyd_run_as_chrony_user:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91360-8">CCE-91360-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/benchmark/suse_linux/">2.2.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to
>synchronize system clocks across a variety of systems and use a source that is highly
>accurate. More information on chrony can be found at
>
>    <a href="http://chrony.tuxfamily.org/">http://chrony.tuxfamily.org/</a>.
>Chrony can be configured to be a client and/or a server.
>To ensure that chronyd is running under chrony user account,
>add or edit the
><code>OPTIONS</code> variable in <code>/etc/sysconfig/chronyd</code> to include <code>-u chrony</code>:
><pre>OPTIONS="-u chrony"</pre>
>
>This recommendation only applies if chrony is in use on the system.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">If chrony is in use on the system proper configuration is vital to ensuring time synchronization
>is working properly.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">tests the value of OPTIONS setting in the /etc/sysconfig/chronyd file</span>Â 
>        <span class="label label-default">oval:ssg-test_chronyd_run_as_chrony_user:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/sysconfig/chronyd</td><td>OPTIONS=" -u chrony"</td></tr></tbody></table><h4><span class="label label-primary">The configuration file /etc/sysconfig/chronyd exists for chronyd_run_as_chrony_user</span>Â 
>        <span class="label label-default">oval:ssg-test_chronyd_run_as_chrony_user_config_file_exists:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td>/etc/sysconfig/chronyd</td><td>regular</td><td>0</td><td>0</td><td>195</td><td><code>rw-r--r--Â </code></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0" id="rule-detail-id34436"><div class="keywords sr-only">Set SSH Client Alive Count Max to zeroxccdf_org.ssgproject.content_rule_sshd_set_keepalive_0 mediumCCE-83284-0 </div><div class="panel-heading"><h3 class="panel-title">Set SSH Client Alive Count Max to zero</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_keepalive_0:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83284-0">CCE-83284-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002361</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.8</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.2.8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000126-GPOS-00066</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000163-GPOS-00072</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000279-GPOS-00109</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010320</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234830r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The SSH server sends at most <code>ClientAliveCountMax</code> messages
>during a SSH session and waits for a response from the SSH client.
>The option <code>ClientAliveInterval</code> configures timeout after
>each <code>ClientAliveCountMax</code> message. If the SSH server does not
>receive a response from the client, then the connection is considered unresponsive
>and terminated.
>
>To ensure the SSH timeout occurs precisely when the
><code>ClientAliveInterval</code> is set, set the <code>ClientAliveCountMax</code> to
>value of <code>0</code> in
>
>
><code>/etc/ssh/sshd_config</code>:</div></td></tr><tr><td>Rationale</td><td><div class="rationale">This ensures a user login will be terminated as soon as the <code>ClientAliveInterval</code>
>is reached.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of ClientAliveCountMax setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_set_keepalive_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveCountMax 0</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of ClientAliveCountMax is present</span>Â 
>        <span class="label label-default">oval:ssg-test_ClientAliveCountMax_present_sshd_set_keepalive_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveCountMax 0</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" id="rule-detail-id34437"><div class="keywords sr-only">Set SSH Client Alive Intervalxccdf_org.ssgproject.content_rule_sshd_set_idle_timeout mediumCCE-83281-6 </div><div class="panel-heading"><h3 class="panel-title">Set SSH Client Alive Interval</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_idle_timeout:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83281-6">CCE-83281-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R29)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002361</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.8</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.2.8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000126-GPOS-00066</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000163-GPOS-00072</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000279-GPOS-00109</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000395-GPOS-00175</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010280</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234827r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">SSH allows administrators to set a network responsiveness timeout interval.
>After this interval has passed, the unresponsive client will be automatically logged out.
><br><br>
>To set this timeout interval, edit the following line in <code>/etc/ssh/sshd_config</code> as
>follows:
><pre>ClientAliveInterval <b><abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_idle_timeout_value">600</abbr></b></pre>
><br><br>
>The timeout <b>interval</b> is given in seconds. For example, have a timeout
>of 10 minutes, set <b>interval</b> to 600.
><br><br>
>If a shorter timeout has already been set for the login shell, that value will
>preempt any SSH setting made in <code>/etc/ssh/sshd_config</code>. Keep in mind that
>some processes may stop SSH from correctly detecting that the user is idle.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Terminating an idle ssh session within a short time period reduces the window of
>opportunity for unauthorized personnel to take control of a management session
>enabled on the console or console port that has been let unattended.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                SSH disconnecting unresponsive clients will not have desired effect without also
>configuring ClientAliveCountMax in the SSH service configuration.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                Following conditions may prevent the SSH session to time out:
><ul><li>Remote processes on the remote machine generates output. As the output has to be transferred over the network to the client, the timeout is reset every time such transfer happens.</li><li>Any <code>scp</code> or <code>sftp</code> activity by the same user to the host resets the timeout.</li></ul></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">timeout is configured</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_idle_timeout:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveInterval 600</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Check the value of ClientAliveCountMax setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_set_keepalive_clientalivecountmax:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveCountMax 0</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_root_login" id="rule-detail-id34438"><div class="keywords sr-only">Disable SSH Root Loginxccdf_org.ssgproject.content_rule_sshd_disable_root_login mediumCCE-85557-7 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Root Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_root_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_root_login:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85557-7">CCE-85557-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT007(R21)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000770</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-2.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000109-GPOS-00056</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000148-CTR-000335</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000190-CTR-000500</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020040</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234870r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The root user should never be allowed to login to a
>system directly over a network.
>To disable root login via SSH, add or correct the following line in
>
>
><code>/etc/ssh/sshd_config</code>:
>
><pre>PermitRootLogin no</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Even though the communications channel may be encrypted, an additional layer of
>security is gained by extending the policy of not logging directly on as root.
>In addition, logging in with a user-specific account provides individual
>accountability of actions performed on the system and also helps to minimize
>direct attack attempts on root's password.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34457" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34457"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Disable SSH Root Login
>  block:
>
>  - name: Check for duplicate values
>    lineinfile:
>      path: /etc/ssh/sshd_config
>      create: false
>      regexp: (?i)^\s*PermitRootLogin\s+
>      state: absent
>    check_mode: true
>    changed_when: false
>    register: dupes
>
>  - name: Deduplicate values from /etc/ssh/sshd_config
>    lineinfile:
>      path: /etc/ssh/sshd_config
>      create: false
>      regexp: (?i)^\s*PermitRootLogin\s+
>      state: absent
>    when: dupes.found is defined and dupes.found &gt; 1
>
>  - name: Insert correct line to /etc/ssh/sshd_config
>    lineinfile:
>      path: /etc/ssh/sshd_config
>      create: true
>      regexp: (?i)^\s*PermitRootLogin\s+
>      line: PermitRootLogin no
>      state: present
>      insertbefore: ^[#\s]*Match
>      validate: /usr/sbin/sshd -t -f %s
>  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
>  tags:
>  - CCE-85557-7
>  - CJIS-5.5.6
>  - DISA-STIG-SLES-15-020040
>  - NIST-800-171-3.1.1
>  - NIST-800-171-3.1.5
>  - NIST-800-53-AC-17(a)
>  - NIST-800-53-AC-6(2)
>  - NIST-800-53-CM-6(a)
>  - NIST-800-53-CM-7(a)
>  - NIST-800-53-CM-7(b)
>  - NIST-800-53-IA-2
>  - NIST-800-53-IA-2(5)
>  - PCI-DSS-Req-2.2.4
>  - PCI-DSSv4-2.2.6
>  - low_complexity
>  - low_disruption
>  - medium_severity
>  - no_reboot_needed
>  - restrict_strategy
>  - sshd_disable_root_login
></code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34458" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34458"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code># Remediation is applicable only in certain platforms
>if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
>
>if [ -e "/etc/ssh/sshd_config" ] ; then
>    
>    LC_ALL=C sed -i "/^\s*PermitRootLogin\s\+/Id" "/etc/ssh/sshd_config"
>else
>    touch "/etc/ssh/sshd_config"
>fi
># make sure file has newline at the end
>sed -i -e '$a\' "/etc/ssh/sshd_config"
>
>cp "/etc/ssh/sshd_config" "/etc/ssh/sshd_config.bak"
># Insert before the line matching the regex '^Match'.
>line_number="$(LC_ALL=C grep -n "^Match" "/etc/ssh/sshd_config.bak" | LC_ALL=C sed 's/:.*//g')"
>if [ -z "$line_number" ]; then
>    # There was no match of '^Match', insert at
>    # the end of the file.
>    printf '%s\n' "PermitRootLogin no" &gt;&gt; "/etc/ssh/sshd_config"
>else
>    head -n "$(( line_number - 1 ))" "/etc/ssh/sshd_config.bak" &gt; "/etc/ssh/sshd_config"
>    printf '%s\n' "PermitRootLogin no" &gt;&gt; "/etc/ssh/sshd_config"
>    tail -n "+$(( line_number ))" "/etc/ssh/sshd_config.bak" &gt;&gt; "/etc/ssh/sshd_config"
>fi
># Clean up after ourselves.
>rm "/etc/ssh/sshd_config.bak"
>
>else
>    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
>fi
></code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of PermitRootLogin setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_disable_root_login:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>PermitRootLogin prohibit-password</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of PermitRootLogin is present</span>Â 
>        <span class="label label-default">oval:ssg-test_PermitRootLogin_present_sshd_disable_root_login:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>PermitRootLogin prohibit-password</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding" id="rule-detail-id34439"><div class="keywords sr-only">Disable SSH TCP Forwardingxccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding mediumCCE-91334-3 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH TCP Forwarding</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_tcp_forwarding:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91334-3">CCE-91334-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.20</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>AllowTcpForwarding</code> parameter specifies whether TCP forwarding is permitted.
>To disable TCP forwarding, add or correct the following line in
>
>
><code>/etc/ssh/sshd_config</code>:
>
><pre>AllowTcpForwarding no</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Leaving port forwarding enabled can expose the organization to security risks and back-doors.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34459" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34459"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Disable SSH TCP Forwarding
>  block:
>
>  - name: Check for duplicate values
>    lineinfile:
>      path: /etc/ssh/sshd_config
>      create: false
>      regexp: (?i)^\s*AllowTcpForwarding\s+
>      state: absent
>    check_mode: true
>    changed_when: false
>    register: dupes
>
>  - name: Deduplicate values from /etc/ssh/sshd_config
>    lineinfile:
>      path: /etc/ssh/sshd_config
>      create: false
>      regexp: (?i)^\s*AllowTcpForwarding\s+
>      state: absent
>    when: dupes.found is defined and dupes.found &gt; 1
>
>  - name: Insert correct line to /etc/ssh/sshd_config
>    lineinfile:
>      path: /etc/ssh/sshd_config
>      create: true
>      regexp: (?i)^\s*AllowTcpForwarding\s+
>      line: AllowTcpForwarding no
>      state: present
>      insertbefore: ^[#\s]*Match
>      validate: /usr/sbin/sshd -t -f %s
>  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
>  tags:
>  - CCE-91334-3
>  - PCI-DSSv4-2.2.6
>  - low_complexity
>  - low_disruption
>  - medium_severity
>  - no_reboot_needed
>  - restrict_strategy
>  - sshd_disable_tcp_forwarding
></code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34460" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34460"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code># Remediation is applicable only in certain platforms
>if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
>
>if [ -e "/etc/ssh/sshd_config" ] ; then
>    
>    LC_ALL=C sed -i "/^\s*AllowTcpForwarding\s\+/Id" "/etc/ssh/sshd_config"
>else
>    touch "/etc/ssh/sshd_config"
>fi
># make sure file has newline at the end
>sed -i -e '$a\' "/etc/ssh/sshd_config"
>
>cp "/etc/ssh/sshd_config" "/etc/ssh/sshd_config.bak"
># Insert before the line matching the regex '^Match'.
>line_number="$(LC_ALL=C grep -n "^Match" "/etc/ssh/sshd_config.bak" | LC_ALL=C sed 's/:.*//g')"
>if [ -z "$line_number" ]; then
>    # There was no match of '^Match', insert at
>    # the end of the file.
>    printf '%s\n' "AllowTcpForwarding no" &gt;&gt; "/etc/ssh/sshd_config"
>else
>    head -n "$(( line_number - 1 ))" "/etc/ssh/sshd_config.bak" &gt; "/etc/ssh/sshd_config"
>    printf '%s\n' "AllowTcpForwarding no" &gt;&gt; "/etc/ssh/sshd_config"
>    tail -n "+$(( line_number ))" "/etc/ssh/sshd_config.bak" &gt;&gt; "/etc/ssh/sshd_config"
>fi
># Clean up after ourselves.
>rm "/etc/ssh/sshd_config.bak"
>
>else
>    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
>fi
></code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of AllowTcpForwarding setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_disable_tcp_forwarding:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>AllowTcpForwarding yes</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of AllowTcpForwarding is present</span>Â 
>        <span class="label label-default">oval:ssg-test_AllowTcpForwarding_present_sshd_disable_tcp_forwarding:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>AllowTcpForwarding yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-detail-id34440"><div class="keywords sr-only">Disable SSH Support for User Known Hostsxccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts mediumCCE-85642-7 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for User Known Hosts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_user_known_hosts:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85642-7">CCE-85642-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-235007r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">SSH can allow system users to connect to systems if a cache of the remote
>systems public keys is available.  This should be disabled.
><br><br>
>To ensure this behavior is disabled, add or correct the following line in
>
>
><code>/etc/ssh/sshd_config</code>:
>
><pre>IgnoreUserKnownHosts yes</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Configuring this setting for the SSH daemon provides additional
>assurance that remote login via SSH will require a password, even
>in the event of misconfiguration elsewhere.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of IgnoreUserKnownHosts setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_disable_user_known_hosts:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>IgnoreUserKnownHosts yes</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of IgnoreUserKnownHosts is present</span>Â 
>        <span class="label label-default">oval:ssg-test_IgnoreUserKnownHosts_present_sshd_disable_user_known_hosts:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>IgnoreUserKnownHosts yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding" id="rule-detail-id34441"><div class="keywords sr-only">Disable X11 Forwardingxccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding mediumCCE-85707-8 </div><div class="panel-heading"><h3 class="panel-title">Disable X11 Forwarding</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_x11_forwarding:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-85707-8">CCE-85707-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.6</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-235013r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The X11Forwarding parameter provides the ability to tunnel X11 traffic
>through the connection to enable remote graphic connections.
>SSH has the capability to encrypt remote X11 connections when SSH's
><code>X11Forwarding</code> option is enabled.
><br>
>The default SSH configuration disables X11Forwarding. The appropriate
>configuration is used if no value is set for <code>X11Forwarding</code>.
><br>
>To explicitly disable X11 Forwarding, add or correct the following line in
>
>
><code>/etc/ssh/sshd_config</code>:
>
><pre>X11Forwarding no</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disable X11 forwarding unless there is an operational requirement to use X11
>applications directly. There is a small risk that the remote X11 servers of
>users who are logged in via SSH with X11 forwarding could be compromised by
>other users on the X11 server. Note that even if X11 forwarding is disabled,
>users can always install their own forwarders.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of X11Forwarding setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_disable_x11_forwarding:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>X11Forwarding no</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of X11Forwarding is present</span>Â 
>        <span class="label label-default">oval:ssg-test_X11Forwarding_present_sshd_disable_x11_forwarding:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>X11Forwarding no</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-detail-id34442"><div class="keywords sr-only">Enable SSH Warning Bannerxccdf_org.ssgproject.content_rule_sshd_enable_warning_banner mediumCCE-83263-4 </div><div class="panel-heading"><h3 class="panel-title">Enable SSH Warning Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_enable_warning_banner:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83263-4">CCE-83263-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000048</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000050</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001384</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001385</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001386</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001387</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001388</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTA_TAB.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-2.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000023-GPOS-00006</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000228-GPOS-00088</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010040</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.18</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234805r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To enable the warning banner and ensure it is consistent
>across the system, add or correct the following line in
>
>
><code>/etc/ssh/sshd_config</code>:
>
><pre>Banner /etc/issue</pre>
>Another section contains information on how to create an
>appropriate system-wide warning banner.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The warning message reinforces policy awareness during the logon process and
>facilitates possible legal action against attackers. Alternatively, systems
>whose ownership should not be obvious should ensure usage of a banner that does
>not provide easy attribution.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of Banner setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_enable_warning_banner:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>Banner /etc/issue</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of Banner is present</span>Â 
>        <span class="label label-default">oval:ssg-test_Banner_present_sshd_enable_warning_banner:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>Banner /etc/issue</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time" id="rule-detail-id34443"><div class="keywords sr-only">Ensure SSH LoginGraceTime is configuredxccdf_org.ssgproject.content_rule_sshd_set_login_grace_time mediumCCE-91397-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure SSH LoginGraceTime is configured</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_login_grace_time:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91397-0">CCE-91397-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.17</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>LoginGraceTime</code> parameter to the SSH server specifies the time allowed for successful authentication to
>the SSH server. The longer the Grace period is the more open unauthenticated connections
>can exist. Like other session controls in this session the Grace Period should be limited to
>appropriate limits to ensure the service is available for needed access.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Setting the <code>LoginGraceTime</code> parameter to a low number will minimize the risk of successful
>brute force attacks to the SSH server. It will also limit the number of concurrent
>unauthenticated connections.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">LoginGraceTime is configured</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_login_grace_time:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>LoginGraceTime 60</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose" id="rule-detail-id34444"><div class="keywords sr-only">Set SSH Daemon LogLevel to VERBOSExccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose mediumCCE-83270-9 </div><div class="panel-heading"><h3 class="panel-title">Set SSH Daemon LogLevel to VERBOSE</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_loglevel_verbose:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83270-9">CCE-83270-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000067</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-2.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000032-GPOS-00013</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.5</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234815r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>VERBOSE</code> parameter configures the SSH daemon to record login and logout activity.
>To specify the log level in
>SSH, add or correct the following line in
>
>
><code>/etc/ssh/sshd_config</code>:
>
><pre>LogLevel VERBOSE</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">SSH provides several logging levels with varying amounts of verbosity. <code>DEBUG</code> is specifically
>not recommended other than strictly for debugging SSH communications since it provides
>so much data that it is difficult to identify important security information. <code>INFO</code> or
><code>VERBOSE</code> level is the basic level that only records login activity of SSH users. In many
>situations, such as Incident Response, it is important to determine when a particular user was active
>on a system. The logout record can eliminate those users who disconnected, which helps narrow the
>field.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of LogLevel setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_set_loglevel_verbose:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>LogLevel VERBOSE</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of LogLevel is present</span>Â 
>        <span class="label label-default">oval:ssg-test_LogLevel_present_sshd_set_loglevel_verbose:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>LogLevel VERBOSE</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries" id="rule-detail-id34445"><div class="keywords sr-only">Set SSH authentication attempt limitxccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries mediumCCE-91332-7 </div><div class="panel-heading"><h3 class="panel-title">Set SSH authentication attempt limit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_max_auth_tries:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91332-7">CCE-91332-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0421</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0422</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0431</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0974</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1173</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1401</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1504</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1505</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1546</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1557</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1558</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1559</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1560</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1561</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.7</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>MaxAuthTries</code> parameter specifies the maximum number of authentication attempts
>permitted per connection. Once the number of failures reaches half this value, additional failures are logged.
>to set MaxAUthTries edit <code>/etc/ssh/sshd_config</code> as follows:
><pre>MaxAuthTries <abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_max_auth_tries_value">4</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Setting the MaxAuthTries parameter to a low number will minimize the risk of successful
>brute force attacks to the SSH server.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">maxauthtries is configured</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_max_auth_tries:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxAuthTries 4</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_max_sessions" id="rule-detail-id34446"><div class="keywords sr-only">Set SSH MaxSessions limitxccdf_org.ssgproject.content_rule_sshd_set_max_sessions mediumCCE-91309-5 </div><div class="panel-heading"><h3 class="panel-title">Set SSH MaxSessions limit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_max_sessions</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_max_sessions:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91309-5">CCE-91309-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.22</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>MaxSessions</code> parameter specifies the maximum number of open sessions permitted
>from a given connection. To set MaxSessions edit
><code>/etc/ssh/sshd_config</code> as follows: <pre>MaxSessions <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_sshd_max_sessions">10</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">To protect a system from denial of service due to a large number of concurrent
>sessions, use the rate limiting function of MaxSessions to protect availability
>of sshd logins and prevent overwhelming the daemon.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">maxsessions is configured</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_max_sessions:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxSessions 10</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_maxstartups" id="rule-detail-id34447"><div class="keywords sr-only">Ensure SSH MaxStartups is configuredxccdf_org.ssgproject.content_rule_sshd_set_maxstartups mediumCCE-91308-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure SSH MaxStartups is configured</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_maxstartups</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_maxstartups:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91308-7">CCE-91308-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.21</a></p></td></tr><tr><td>Description</td><td><div class="description">The MaxStartups parameter specifies the maximum number of concurrent
>unauthenticated connections to the SSH daemon. Additional connections will be
>dropped until authentication succeeds or the LoginGraceTime expires for a
>connection. To confgure MaxStartups, you should add or correct the following
>line in the
><code>/etc/ssh/sshd_config</code> file:
><pre>MaxStartups <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_sshd_set_maxstartups">10:30:100</abbr></pre>
>CIS recommends a MaxStartups value of '10:30:60', or more restrictive where
>dictated by site policy.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">To protect a system from denial of service due to a large number of pending
>authentication connection attempts, use the rate limiting function of MaxStartups
>to protect availability of sshd logins and prevent overwhelming the daemon.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SSH MaxStartups start parameter is less than or equal to 10</span>Â 
>        <span class="label label-default">oval:ssg-tst_maxstartups_start_parameter:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxStartups 10:30:100</td></tr></tbody></table><h4><span class="label label-primary">SSH MaxStartups rate parameter is greater than or equal to 30</span>Â 
>        <span class="label label-default">oval:ssg-tst_maxstartups_rate_parameter:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxStartups 10:30:100</td></tr></tbody></table><h4><span class="label label-primary">SSH MaxStartups full parameter is less than or equal to 100</span>Â 
>        <span class="label label-default">oval:ssg-tst_maxstartups_full_parameter:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxStartups 10:30:100</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers" id="rule-detail-id34448"><div class="keywords sr-only">Use Only FIPS 140-2 Validated Ciphersxccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers mediumCCE-91337-6 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated Ciphers</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_ciphers:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91337-6">CCE-91337-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002890</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(b)(2)(i)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(3)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000033-GPOS-00014</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000393-GPOS-00173</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010160</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.13</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234816r744125_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the ciphers to those algorithms which are FIPS-approved.
>Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode.
>The following line in <code>/etc/ssh/sshd_config</code>
>demonstrates use of FIPS-approved ciphers:
><pre>Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc</pre>
>The man page <code>sshd_config(5)</code> contains a list of supported ciphers.
>
>The rule is parametrized to use the following ciphers: <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_approved_ciphers">aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore
>cannot be relied upon to provide confidentiality or integrity, and system data may be compromised.
><br>
>Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to
>cryptographic modules.
><br>
>FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules
>utilize authentication that meets industry and government requirements. For government systems, this allows
>Security Levels 1, 2, 3, or 4 for use on SUSE Linux Enterprise 15.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                System Crypto Modules must be provided by a vendor that undergoes
>FIPS-140 certifications.
>FIPS-140 is applicable to all Federal agencies that use
>cryptographic-based security systems to protect sensitive information
>in computer and telecommunication systems (including voice systems) as
>defined in Section 5131 of the Information Technology Management Reform
>Act of 1996, Public Law 104-106. This standard shall be used in
>designing and implementing cryptographic modules that Federal
>departments and agencies operate or are operated for them under
>contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
>To meet this, the system has to have cryptographic software provided by
>a vendor that has undergone this certification. This means providing
>documentation, test results, design information, and independent third
>party review by an accredited lab. While open source software is
>capable of meeting this, it does not meet FIPS-140 unless the vendor
>submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of Ciphers setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_use_approved_ciphers:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th><th>Value</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_sshd_config_ciphers:var:1</td><td>aes256-ctr</td><td>aes192-ctr</td><td>aes128-ctr</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig" id="rule-detail-id34449"><div class="keywords sr-only">Use Only FIPS 140-2 Validated Ciphersxccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig mediumCCE-83271-7 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated Ciphers</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_ciphers_ordered_stig:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83271-7">CCE-83271-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002890</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000033-GPOS-00014</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000393-GPOS-00173</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010160</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234816r744125_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the ciphers to those algorithms which are FIPS-approved.
>The following line in <code>/etc/ssh/sshd_config</code>
>demonstrates use of FIPS-approved ciphers:
><pre>Ciphers aes256-ctr,aes192-ctr,aes128-ctr</pre>
>This rule ensures that there are configured ciphers mentioned
>above (or their subset), keeping the given order of algorithms.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore
>cannot be relied upon to provide confidentiality or integrity, and system data may be compromised.
><br>
>Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to
>cryptographic modules.
><br>
>FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules
>utilize authentication that meets industry and government requirements. For government systems, this allows
>Security Levels 1, 2, 3, or 4 for use on SUSE Linux Enterprise 15.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                System Crypto Modules must be provided by a vendor that undergoes
>FIPS-140 certifications.
>FIPS-140 is applicable to all Federal agencies that use
>cryptographic-based security systems to protect sensitive information
>in computer and telecommunication systems (including voice systems) as
>defined in Section 5131 of the Information Technology Management Reform
>Act of 1996, Public Law 104-106. This standard shall be used in
>designing and implementing cryptographic modules that Federal
>departments and agencies operate or are operated for them under
>contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
>To meet this, the system has to have cryptographic software provided by
>a vendor that has undergone this certification. This means providing
>documentation, test results, design information, and independent third
>party review by an accredited lab. While open source software is
>capable of meeting this, it does not meet FIPS-140 unless the vendor
>submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of Ciphers setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_use_approved_ciphers_ordered_stig:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>Ciphers aes256-ctr,aes192-ctr,aes128-ctr
># Per CCE-91338-4: Set MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com in /etc/ssh/sshd_config</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs" id="rule-detail-id34450"><div class="keywords sr-only">Use Only FIPS 140-2 Validated MACsxccdf_org.ssgproject.content_rule_sshd_use_approved_macs mediumCCE-91338-4 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated MACs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_macs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_macs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91338-4">CCE-91338-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001453</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(b)(2)(i)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(3)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010270</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.14</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234826r744126_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the MACs to those hash algorithms which are FIPS-approved.
>The following line in <code>/etc/ssh/sshd_config</code>
>demonstrates use of FIPS-approved MACs:
>
><pre>MACs hmac-sha2-512,hmac-sha2-256</pre>
>
>The man page <code>sshd_config(5)</code> contains a list of supported MACs.
>
>The rule is parametrized to use the following MACs: <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_approved_macs">hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">DoD Information Systems are required to use FIPS-approved cryptographic hash
>functions. The only SSHv2 hash algorithms meeting this requirement is SHA2.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                System Crypto Modules must be provided by a vendor that undergoes
>FIPS-140 certifications.
>FIPS-140 is applicable to all Federal agencies that use
>cryptographic-based security systems to protect sensitive information
>in computer and telecommunication systems (including voice systems) as
>defined in Section 5131 of the Information Technology Management Reform
>Act of 1996, Public Law 104-106. This standard shall be used in
>designing and implementing cryptographic modules that Federal
>departments and agencies operate or are operated for them under
>contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
>To meet this, the system has to have cryptographic software provided by
>a vendor that has undergone this certification. This means providing
>documentation, test results, design information, and independent third
>party review by an accredited lab. While open source software is
>capable of meeting this, it does not meet FIPS-140 unless the vendor
>submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of MACs setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_use_approved_macs:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_sshd_config_macs:var:1</td><td>hmac-sha2-512</td><td>hmac-sha2-256</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig" id="rule-detail-id34451"><div class="keywords sr-only">Use Only FIPS 140-2 Validated MACsxccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig mediumCCE-83280-8 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated MACs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_macs_ordered_stig:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-83280-8">CCE-83280-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001453</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010270</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234826r744126_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the MACs to those hash algorithms which are FIPS-approved.
>The following line in <code>/etc/ssh/sshd_config</code>
>demonstrates use of FIPS-approved MACs:
><pre>MACs hmac-sha2-512,hmac-sha2-256</pre>
>This rule ensures that there are configured MACs mentioned
>above (or their subset), keeping the given order of algorithms.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">DoD Information Systems are required to use FIPS-approved cryptographic hash
>functions. The only SSHv2 hash algorithms meeting this requirement is SHA2.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
>                                System Crypto Modules must be provided by a vendor that undergoes
>FIPS-140 certifications.
>FIPS-140 is applicable to all Federal agencies that use
>cryptographic-based security systems to protect sensitive information
>in computer and telecommunication systems (including voice systems) as
>defined in Section 5131 of the Information Technology Management Reform
>Act of 1996, Public Law 104-106. This standard shall be used in
>designing and implementing cryptographic modules that Federal
>departments and agencies operate or are operated for them under
>contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
>To meet this, the system has to have cryptographic software provided by
>a vendor that has undergone this certification. This means providing
>documentation, test results, design information, and independent third
>party review by an accredited lab. While open source software is
>capable of meeting this, it does not meet FIPS-140 unless the vendor
>submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
>        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
>        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
>        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
>        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
>        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
>                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
>        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
>                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
>        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
>        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
>        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
>                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
>        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
>        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of MACs setting in the /etc/ssh/sshd_config file</span>Â 
>        <span class="label label-default">oval:ssg-test_sshd_use_approved_macs_ordered_stig:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MACs hmac-sha2-512,hmac-sha2-256
></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_sshd_config" id="rule-detail-id34452"><div class="keywords sr-only">Verify Permissions on SSH Server config filexccdf_org.ssgproject.content_rule_file_permissions_sshd_config mediumCCE-91306-1 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on SSH Server config file</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_sshd_config</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_sshd_config:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
>            <abbr title="https://ncp.nist.gov/cce: CCE-91306-1">CCE-91306-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
>            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.1</a></p></td></tr><tr><td>Description</td><td><div class="description">
>To properly set the permissions of <code>/etc/ssh/sshd_config</code>, run the command:
><pre>$ sudo chmod 0600 /etc/ssh/sshd_config</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective
>services that if configured incorrectly can lead to insecure and vulnerable
>configurations. Therefore, service configuration files should be owned by the
>correct group to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/ssh/sshd_config</span>Â 
>        <span class="label label-default">oval:ssg-test_file_permissions_sshd_config_0:tst:1</span>Â 
>        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/ssh/sshd_config">oval:ssg-object_file_permissions_sshd_config_0:obj:1</abbr></strong> of type
>                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>oval:ssg-exclude_symlinks__sshd_config:ste:1</td><td>oval:ssg-state_file_permissions_sshd_config_0_mode_0600or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><a href="#result-details" class="btn btn-info noprint">Scroll back to the first rule</a></div><div id="rear-matter"><div class="row top-spacer-10"><div class="col-md-12 well well-lg"><div class="rear-matter">Red Hat and Red Hat Enterprise Linux are either registered
>trademarks or trademarks of Red Hat, Inc. in the United States and other
>countries. All other names are registered trademarks or trademarks of their
>respective companies.</div></div></div></div></div></div><footer id="footer"><div class="container"><p class="muted credit">
>                Generated using <a href="http://open-scap.org">OpenSCAP</a> 1.3.6</p></div></footer></body></html>

<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_pcs-hardening | OpenSCAP Evaluation Report</title><style>
/*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2011-2016 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 */

/*!
 * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf)
 * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf
 *//*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2011-2016 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{background:transparent !important;color:#000 !important;-webkit-box-shadow:none !important;box-shadow:none !important;text-shadow:none !important}a,a:visited{text-decoration:underline}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:normal;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{background-color:#fcf8e3;padding:.2em}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#428bca}a.text-primary:hover,a.text-primary:focus{color:#3071a9}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#428bca}a.bg-primary:hover,a.bg-primary:focus{background-color:#3071a9}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:bold}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:bold;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;word-break:break-all;word-wrap:break-word;color:#333;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*="col-"]{position:static;float:none;display:table-column}table td[class*="col-"],table th[class*="col-"]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{overflow-x:auto;min-height:0.01%}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#777;opacity:1}.form-control:-ms-input-placeholder{color:#777}.form-control::-webkit-input-placeholder{color:#777}.form-control::-ms-expand{border:0;background-color:transparent}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type="search"]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-left:-20px;margin-top:4px \9}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:normal;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.form-control-static{padding-top:7px;padding-bottom:7px;margin-bottom:0;min-height:34px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.33}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;border-color:#3c763d;background-color:#dff0d8}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;border-color:#8a6d3b;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;border-color:#a94442;background-color:#f2dede}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:7px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{text-align:right;margin-bottom:0;padding-top:7px}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#3071a9;border-color:#193c5a}.btn-primary:hover{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#285e8e;border-color:#193c5a}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#428bca;border-color:#357ebd}.btn-primary .badge{color:#428bca;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{color:#428bca;font-weight:normal;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-top-left-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-left:0;padding-right:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px;height:50px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#e7e7e7;color:#555}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#777}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#777}.navbar-inverse .navbar-nav>li>a{color:#777}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#080808;color:#fff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#777}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#777}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;color:#fff;line-height:1;vertical-align:middle;white-space:nowrap;text-align:center;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#3c763d}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#31708f}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{background-color:#fcf8e3;border-color:#faebcc;color:#8a6d3b}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{background-color:#f2dede;border-color:#ebccd1;color:#a94442}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-left:15px;padding-right:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#428bca}.panel-primary>.panel-heading .badge{color:#428bca;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.modal-open{overflow:hidden}.modal{display:none;overflow:hidden;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);-webkit-background-clip:padding-box;background-clip:padding-box;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}}
table.treetable span.indenter{display:inline-block;margin:0;padding:0;text-align:right;user-select:none;-khtml-user-select:none;-moz-user-select:none;-o-user-select:none;-webkit-user-select:none;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;width:19px}table.treetable span.indenter a{background-position:left center;background-repeat:no-repeat;display:inline-block;text-decoration:none;width:19px}table.treetable tr.collapsed span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHlJREFUeNrcU1sNgDAQ6wgmcAM2MICGGlg1gJnNzWQcvwQGy1j4oUl/7tH0mpwzM7SgQyO+EZAUWh2MkkzSWhJwuRAlHYsJwEwyvs1gABDuzqoJcTw5qxaIJN0bgQRgIjnlmn1heSO5PE6Y2YXe+5Cr5+h++gs12AcAS6FS+7YOsj4AAAAASUVORK5CYII=)}table.treetable tr.expanded span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHFJREFUeNpi/P//PwMlgImBQsA44C6gvhfa29v3MzAwOODRc6CystIRbxi0t7fjDJjKykpGYrwwi1hxnLHQ3t7+jIGBQRJJ6HllZaUUKYEYRYBPOB0gBShKwKGA////48VtbW3/8clTnBIH3gCKkzJgAGvBX0dDm0sCAAAAAElFTkSuQmCC)}table.treetable tr.branch{background-color:#f9f9f9}table.treetable tr.selected{background-color:#3875d7;color:#fff}table.treetable tr span.indenter a{outline:0}tr.rule-overview-needs-attention td a{color:#d9534f}td.rule-result div,span.rule-result{text-align:center;font-weight:bold;color:#fff;background:gray}td.rule-result-fail div,span.rule-result-fail{background:#d9534f}td.rule-result-error div,span.rule-result-error{background:#d9534f}td.rule-result-unknown div,span.rule-result-unknown{background:#f0ad4e}td.rule-result-pass div,span.rule-result-pass{background:#5cb85c}td.rule-result-fixed div,span.rule-result-fixed{background:#5cb85c}.js-only{display:none}.rule-result-filtered,.rule-result-filtered>*{display:none !important}.search-no-match,.search-no-match>*{display:none !important}.rule-detail-fail,.rule-detail-error,.rule-detail-unknown{border:2px solid #d9534f}#footer{text-align:center;margin-top:50px}pre{overflow:auto !important;word-wrap:normal !important;white-space:pre-wrap}div.check-system-details,div.remediation,div.description{width:0;min-width:100%;overflow-x:auto}div.profile-description{white-space:pre-wrap}div.modal-body{margin:50px;padding:0}div.horizontal-scroll{overflow-x:auto}div.top-spacer-10{margin-top:10px}@media print{.noprint{display:none}.label{border:0;padding:0}.container{width:100%}abbr[title]{border:0;text-decoration:none}div.progress{overflow:visible;height:auto}div.progress-bar{width:auto;float:none;width:auto !important;text-align:left}div.panel-body{padding:4px}}</style><script>
/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(e.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:g,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(n.isPlainObject(c)||(b=n.isArray(c)))?(b?(b=!1,f=a&&n.isArray(a)?a:[]):f=a&&n.isPlainObject(a)?a:{},g[d]=n.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray||function(a){return"array"===n.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){var b=a&&a.toString();return!n.isArray(a)&&b-parseFloat(b)+1>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==n.type(a)||a.nodeType||n.isWindow(a))return!1;try{if(a.constructor&&!k.call(a,"constructor")&&!k.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(!l.ownFirst)for(b in a)return k.call(a,b);for(b in a);return void 0===b||k.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?i[j.call(a)]||"object":typeof a},globalEval:function(b){b&&n.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):g.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(h)return h.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,g=0,h=[];if(s(a))for(d=a.length;d>g;g++)e=b(a[g],g,c),null!=e&&h.push(e);else for(g in a)e=b(a[g],g,c),null!=e&&h.push(e);return f.apply([],h)},guid:1,proxy:function(a,b){var c,d,f;return"string"==typeof b&&(f=a[b],b=a,a=f),n.isFunction(a)?(c=e.call(arguments,2),d=function(){return a.apply(b||this,c.concat(e.call(arguments)))},d.guid=a.guid=a.guid||n.guid++,d):void 0},now:function(){return+new Date},support:l}),"function"==typeof Symbol&&(n.fn[Symbol.iterator]=c[Symbol.iterator]),n.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){i["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=!!a&&"length"in a&&a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+M+"))|)"+L+"*\\]",O=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+N+")*)|.*)\\)|)",P=new RegExp(L+"+","g"),Q=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),R=new RegExp("^"+L+"*,"+L+"*"),S=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),T=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),U=new RegExp(O),V=new RegExp("^"+M+"$"),W={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M+"|[*])"),ATTR:new RegExp("^"+N),PSEUDO:new RegExp("^"+O),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\\)|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+L+"*((?:-\\d)?\\d*)"+L+"*\\)|)(?=[^-]|$)","i")},X=/^(?:input|select|textarea|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,_=/[+~]/,aa=/'|\\/g,ba=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),ca=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},da=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(ea){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function fa(a,b,d,e){var f,h,j,k,l,o,r,s,w=b&&b.ownerDocument,x=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==x&&9!==x&&11!==x)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==x&&(o=$.exec(a)))if(f=o[1]){if(9===x){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(w&&(j=w.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(o[2])return H.apply(d,b.getElementsByTagName(a)),d;if((f=o[3])&&c.getElementsByClassName&&b.getElementsByClassName)return H.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==x)w=b,s=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)||b}if(s)try{return H.apply(d,w.querySelectorAll(s)),d}catch(y){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(Q,"$1"),b,d,e)}function ga(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ha(a){return a[u]=!0,a}function ia(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ja(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function ka(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function la(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function na(a){return ha(function(b){return b=+b,ha(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function oa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=fa.support={},f=fa.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ia(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ia(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Z.test(n.getElementsByClassName),c.getById=ia(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\r\\' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ia(function(a){var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Z.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ia(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",O)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Z.test(o.compareDocumentPosition),t=b||Z.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return ka(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?ka(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},fa.matches=function(a,b){return fa(a,null,null,b)},fa.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(T,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return fa(b,n,null,[a]).length>0},fa.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},fa.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},fa.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=fa.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=fa.selectors={cacheLength:50,createPseudo:ha,match:W,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ba,ca),a[3]=(a[3]||a[4]||a[5]||"").replace(ba,ca),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||fa.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&fa.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return W.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&U.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ba,ca).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=fa.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(P," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||fa.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ha(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ha(function(a){var b=[],c=[],d=h(a.replace(Q,"$1"));return d[u]?ha(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ha(function(a){return function(b){return fa(a,b).length>0}}),contains:ha(function(a){return a=a.replace(ba,ca),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ha(function(a){return V.test(a||"")||fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Y.test(a.nodeName)},input:function(a){return X.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:na(function(){return[0]}),last:na(function(a,b){return[b-1]}),eq:na(function(a,b,c){return[0>c?c+b:c]}),even:na(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:na(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:na(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:na(function(a,b,c){for(var d=0>c?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=la(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=ma(b);function pa(){}pa.prototype=d.filters=d.pseudos,d.setFilters=new pa,g=fa.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){c&&!(e=R.exec(h))||(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=S.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(Q," ")}),h=h.slice(c.length));for(g in d.filter)!(e=W[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?fa.error(a):z(a,i).slice(0)};function qa(a){for(var b=0,c=a.length,d="";c>b;b++)d+=a[b].value;return d}function ra(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j,k=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(j=b[u]||(b[u]={}),i=j[b.uniqueID]||(j[b.uniqueID]={}),(h=i[d])&&h[0]===w&&h[1]===f)return k[2]=h[2];if(i[d]=k,k[2]=a(b,c,g))return!0}}}function sa(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ta(a,b,c){for(var d=0,e=b.length;e>d;d++)fa(a,b[d],c);return c}function ua(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(c&&!c(f,d,e)||(g.push(f),j&&b.push(h)));return g}function va(a,b,c,d,e,f){return d&&!d[u]&&(d=va(d)),e&&!e[u]&&(e=va(e,f)),ha(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ta(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:ua(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=ua(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=ua(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function wa(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ra(function(a){return a===b},h,!0),l=ra(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[ra(sa(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return va(i>1&&sa(m),i>1&&qa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(Q,"$1"),c,e>i&&wa(a.slice(i,e)),f>e&&wa(a=a.slice(e)),f>e&&qa(a))}m.push(c)}return sa(m)}function xa(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=F.call(i));u=ua(u)}H.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&fa.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ha(f):f}return h=fa.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=wa(b[c]),f[u]?d.push(f):e.push(f);f=A(a,xa(e,d)),f.selector=a}return f},i=fa.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(ba,ca),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=W.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(ba,ca),_.test(j[0].type)&&oa(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&qa(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,!b||_.test(a)&&oa(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ia(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ia(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ja("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ia(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ja("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ia(function(a){return null==a.getAttribute("disabled")})||ja(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),fa}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.uniqueSort=n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},v=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},w=n.expr.match.needsContext,x=/^<([\w-]+)\s*\/?>(?:<\/\1>|)$/,y=/^.[^:#\[\.,]*$/;function z(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(y.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return n.inArray(a,b)>-1!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=[],d=this,e=d.length;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;e>b;b++)if(n.contains(d[b],this))return!0}));for(b=0;e>b;b++)n.find(a,d[b],c);return c=this.pushStack(e>1?n.unique(c):c),c.selector=this.selector?this.selector+" "+a:a,c},filter:function(a){return this.pushStack(z(this,a||[],!1))},not:function(a){return this.pushStack(z(this,a||[],!0))},is:function(a){return!!z(this,"string"==typeof a&&w.test(a)?n(a):a||[],!1).length}});var A,B=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=n.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||A,"string"==typeof a){if(e="<"===a.charAt(0)&&">"===a.charAt(a.length-1)&&a.length>=3?[null,a,null]:B.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),x.test(e[1])&&n.isPlainObject(b))for(e in b)n.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}if(f=d.getElementById(e[2]),f&&f.parentNode){if(f.id!==e[2])return A.find(a);this.length=1,this[0]=f}return this.context=d,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof c.ready?c.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};C.prototype=n.fn,A=n(d);var D=/^(?:parents|prev(?:Until|All))/,E={children:!0,contents:!0,next:!0,prev:!0};n.fn.extend({has:function(a){var b,c=n(a,this),d=c.length;return this.filter(function(){for(b=0;d>b;b++)if(n.contains(this,c[b]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=w.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?n.inArray(this[0],n(a)):n.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.uniqueSort(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function F(a,b){do a=a[b];while(a&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return u(a,"parentNode")},parentsUntil:function(a,b,c){return u(a,"parentNode",c)},next:function(a){return F(a,"nextSibling")},prev:function(a){return F(a,"previousSibling")},nextAll:function(a){return u(a,"nextSibling")},prevAll:function(a){return u(a,"previousSibling")},nextUntil:function(a,b,c){return u(a,"nextSibling",c)},prevUntil:function(a,b,c){return u(a,"previousSibling",c)},siblings:function(a){return v((a.parentNode||{}).firstChild,a)},children:function(a){return v(a.firstChild)},contents:function(a){return n.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(E[a]||(e=n.uniqueSort(e)),D.test(a)&&(e=e.reverse())),this.pushStack(e)}});var G=/\S+/g;function H(a){var b={};return n.each(a.match(G)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?H(a):n.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h<f.length)f[h].apply(c[0],c[1])===!1&&a.stopOnFalse&&(h=f.length,c=!1)}a.memory||(c=!1),b=!1,e&&(f=c?[]:"")},j={add:function(){return f&&(c&&!b&&(h=f.length-1,g.push(c)),function d(b){n.each(b,function(b,c){n.isFunction(c)?a.unique&&j.has(c)||f.push(c):c&&c.length&&"string"!==n.type(c)&&d(c)})}(arguments),c&&!b&&i()),this},remove:function(){return n.each(arguments,function(a,b){var c;while((c=n.inArray(b,f,c))>-1)f.splice(c,1),h>=c&&h--}),this},has:function(a){return a?n.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=!0,c||j.disable(),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().progress(c.notify).done(c.resolve).fail(c.reject):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=e.call(arguments),d=c.length,f=1!==d||a&&n.isFunction(a.promise)?d:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?e.call(arguments):d,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(d>1)for(i=new Array(d),j=new Array(d),k=new Array(d);d>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().progress(h(b,j,i)).done(h(b,k,c)).fail(g.reject):--f;return f||g.resolveWith(k,c),g.promise()}});var I;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(I.resolveWith(d,[n]),n.fn.triggerHandler&&(n(d).triggerHandler("ready"),n(d).off("ready"))))}});function J(){d.addEventListener?(d.removeEventListener("DOMContentLoaded",K),a.removeEventListener("load",K)):(d.detachEvent("onreadystatechange",K),a.detachEvent("onload",K))}function K(){(d.addEventListener||"load"===a.event.type||"complete"===d.readyState)&&(J(),n.ready())}n.ready.promise=function(b){if(!I)if(I=n.Deferred(),"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll)a.setTimeout(n.ready);else if(d.addEventListener)d.addEventListener("DOMContentLoaded",K),a.addEventListener("load",K);else{d.attachEvent("onreadystatechange",K),a.attachEvent("onload",K);var c=!1;try{c=null==a.frameElement&&d.documentElement}catch(e){}c&&c.doScroll&&!function f(){if(!n.isReady){try{c.doScroll("left")}catch(b){return a.setTimeout(f,50)}J(),n.ready()}}()}return I.promise(b)},n.ready.promise();var L;for(L in n(l))break;l.ownFirst="0"===L,l.inlineBlockNeedsLayout=!1,n(function(){var a,b,c,e;c=d.getElementsByTagName("body")[0],c&&c.style&&(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="display:inline;margin:0;border:0;padding:1px;width:1px;zoom:1",l.inlineBlockNeedsLayout=a=3===b.offsetWidth,a&&(c.style.zoom=1)),c.removeChild(e))}),function(){var a=d.createElement("div");l.deleteExpando=!0;try{delete a.test}catch(b){l.deleteExpando=!1}a=null}();var M=function(a){var b=n.noData[(a.nodeName+" ").toLowerCase()],c=+a.nodeType||1;return 1!==c&&9!==c?!1:!b||b!==!0&&a.getAttribute("classid")===b},N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){if(void 0===c&&1===a.nodeType){var d="data-"+b.replace(O,"-$1").toLowerCase();if(c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}n.data(a,b,c)}else c=void 0;
}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,d,e){if(M(a)){var f,g,h=n.expando,i=a.nodeType,j=i?n.cache:a,k=i?a[h]:a[h]&&h;if(k&&j[k]&&(e||j[k].data)||void 0!==d||"string"!=typeof b)return k||(k=i?a[h]=c.pop()||n.guid++:h),j[k]||(j[k]=i?{}:{toJSON:n.noop}),"object"!=typeof b&&"function"!=typeof b||(e?j[k]=n.extend(j[k],b):j[k].data=n.extend(j[k].data,b)),g=j[k],e||(g.data||(g.data={}),g=g.data),void 0!==d&&(g[n.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[n.camelCase(b)])):f=g,f}}function S(a,b,c){if(M(a)){var d,e,f=a.nodeType,g=f?n.cache:a,h=f?a[n.expando]:n.expando;if(g[h]){if(b&&(d=c?g[h]:g[h].data)){n.isArray(b)?b=b.concat(n.map(b,n.camelCase)):b in d?b=[b]:(b=n.camelCase(b),b=b in d?[b]:b.split(" ")),e=b.length;while(e--)delete d[b[e]];if(c?!Q(d):!n.isEmptyObject(d))return}(c||(delete g[h].data,Q(g[h])))&&(f?n.cleanData([a],!0):l.deleteExpando||g!=g.window?delete g[h]:g[h]=void 0)}}}n.extend({cache:{},noData:{"applet ":!0,"embed ":!0,"object ":"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(a){return a=a.nodeType?n.cache[a[n.expando]]:a[n.expando],!!a&&!Q(a)},data:function(a,b,c){return R(a,b,c)},removeData:function(a,b){return S(a,b)},_data:function(a,b,c){return R(a,b,c,!0)},_removeData:function(a,b){return S(a,b,!0)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=n.data(f),1===f.nodeType&&!n._data(f,"parsedAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));n._data(f,"parsedAttrs",!0)}return e}return"object"==typeof a?this.each(function(){n.data(this,a)}):arguments.length>1?this.each(function(){n.data(this,a,b)}):f?P(f,a,n.data(f,a)):void 0},removeData:function(a){return this.each(function(){n.removeData(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=n._data(a,b),c&&(!d||n.isArray(c)?d=n._data(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return n._data(a,c)||n._data(a,c,{empty:n.Callbacks("once memory").add(function(){n._removeData(a,b+"queue"),n._removeData(a,c)})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?n.queue(this[0],a):void 0===b?this:this.each(function(){var c=n.queue(this,a,b);n._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&n.dequeue(this,a)})},dequeue:function(a){return this.each(function(){n.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=n.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=n._data(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}}),function(){var a;l.shrinkWrapBlocks=function(){if(null!=a)return a;a=!1;var b,c,e;return c=d.getElementsByTagName("body")[0],c&&c.style?(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:1px;width:1px;zoom:1",b.appendChild(d.createElement("div")).style.width="5px",a=3!==b.offsetWidth),c.removeChild(e),a):void 0}}();var T=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,U=new RegExp("^(?:([+-])=|)("+T+")([a-z%]*)$","i"),V=["Top","Right","Bottom","Left"],W=function(a,b){return a=b||a,"none"===n.css(a,"display")||!n.contains(a.ownerDocument,a)};function X(a,b,c,d){var e,f=1,g=20,h=d?function(){return d.cur()}:function(){return n.css(a,b,"")},i=h(),j=c&&c[3]||(n.cssNumber[b]?"":"px"),k=(n.cssNumber[b]||"px"!==j&&+i)&&U.exec(n.css(a,b));if(k&&k[3]!==j){j=j||k[3],c=c||[],k=+i||1;do f=f||".5",k/=f,n.style(a,b,k+j);while(f!==(f=h()/i)&&1!==f&&--g)}return c&&(k=+k||+i||0,e=c[1]?k+(c[1]+1)*c[2]:+c[2],d&&(d.unit=j,d.start=k,d.end=e)),e}var Y=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)Y(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},Z=/^(?:checkbox|radio)$/i,$=/<([\w:-]+)/,_=/^$|\/(?:java|ecma)script/i,aa=/^\s+/,ba="abbr|article|aside|audio|bdi|canvas|data|datalist|details|dialog|figcaption|figure|footer|header|hgroup|main|mark|meter|nav|output|picture|progress|section|summary|template|time|video";function ca(a){var b=ba.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}!function(){var a=d.createElement("div"),b=d.createDocumentFragment(),c=d.createElement("input");a.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",l.leadingWhitespace=3===a.firstChild.nodeType,l.tbody=!a.getElementsByTagName("tbody").length,l.htmlSerialize=!!a.getElementsByTagName("link").length,l.html5Clone="<:nav></:nav>"!==d.createElement("nav").cloneNode(!0).outerHTML,c.type="checkbox",c.checked=!0,b.appendChild(c),l.appendChecked=c.checked,a.innerHTML="<textarea>x</textarea>",l.noCloneChecked=!!a.cloneNode(!0).lastChild.defaultValue,b.appendChild(a),c=d.createElement("input"),c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),a.appendChild(c),l.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,l.noCloneEvent=!!a.addEventListener,a[n.expando]=1,l.attributes=!a.getAttribute(n.expando)}();var da={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],area:[1,"<map>","</map>"],param:[1,"<object>","</object>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:l.htmlSerialize?[0,"",""]:[1,"X<div>","</div>"]};da.optgroup=da.option,da.tbody=da.tfoot=da.colgroup=da.caption=da.thead,da.th=da.td;function ea(a,b){var c,d,e=0,f="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):void 0;if(!f)for(f=[],c=a.childNodes||a;null!=(d=c[e]);e++)!b||n.nodeName(d,b)?f.push(d):n.merge(f,ea(d,b));return void 0===b||b&&n.nodeName(a,b)?n.merge([a],f):f}function fa(a,b){for(var c,d=0;null!=(c=a[d]);d++)n._data(c,"globalEval",!b||n._data(b[d],"globalEval"))}var ga=/<|&#?\w+;/,ha=/<tbody/i;function ia(a){Z.test(a.type)&&(a.defaultChecked=a.checked)}function ja(a,b,c,d,e){for(var f,g,h,i,j,k,m,o=a.length,p=ca(b),q=[],r=0;o>r;r++)if(g=a[r],g||0===g)if("object"===n.type(g))n.merge(q,g.nodeType?[g]:g);else if(ga.test(g)){i=i||p.appendChild(b.createElement("div")),j=($.exec(g)||["",""])[1].toLowerCase(),m=da[j]||da._default,i.innerHTML=m[1]+n.htmlPrefilter(g)+m[2],f=m[0];while(f--)i=i.lastChild;if(!l.leadingWhitespace&&aa.test(g)&&q.push(b.createTextNode(aa.exec(g)[0])),!l.tbody){g="table"!==j||ha.test(g)?"<table>"!==m[1]||ha.test(g)?0:i:i.firstChild,f=g&&g.childNodes.length;while(f--)n.nodeName(k=g.childNodes[f],"tbody")&&!k.childNodes.length&&g.removeChild(k)}n.merge(q,i.childNodes),i.textContent="";while(i.firstChild)i.removeChild(i.firstChild);i=p.lastChild}else q.push(b.createTextNode(g));i&&p.removeChild(i),l.appendChecked||n.grep(ea(q,"input"),ia),r=0;while(g=q[r++])if(d&&n.inArray(g,d)>-1)e&&e.push(g);else if(h=n.contains(g.ownerDocument,g),i=ea(p.appendChild(g),"script"),h&&fa(i),c){f=0;while(g=i[f++])_.test(g.type||"")&&c.push(g)}return i=null,p}!function(){var b,c,e=d.createElement("div");for(b in{submit:!0,change:!0,focusin:!0})c="on"+b,(l[b]=c in a)||(e.setAttribute(c,"t"),l[b]=e.attributes[c].expando===!1);e=null}();var ka=/^(?:input|select|textarea)$/i,la=/^key/,ma=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,na=/^(?:focusinfocus|focusoutblur)$/,oa=/^([^.]*)(?:\.(.+)|)/;function pa(){return!0}function qa(){return!1}function ra(){try{return d.activeElement}catch(a){}}function sa(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)sa(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=qa;else if(!e)return a;return 1===f&&(g=e,e=function(a){return n().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=n.guid++)),a.each(function(){n.event.add(this,b,e,d,c)})}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n._data(a);if(r){c.handler&&(i=c,c=i.handler,e=i.selector),c.guid||(c.guid=n.guid++),(g=r.events)||(g=r.events={}),(k=r.handle)||(k=r.handle=function(a){return"undefined"==typeof n||a&&n.event.triggered===a.type?void 0:n.event.dispatch.apply(k.elem,arguments)},k.elem=a),b=(b||"").match(G)||[""],h=b.length;while(h--)f=oa.exec(b[h])||[],o=q=f[1],p=(f[2]||"").split(".").sort(),o&&(j=n.event.special[o]||{},o=(e?j.delegateType:j.bindType)||o,j=n.event.special[o]||{},l=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},i),(m=g[o])||(m=g[o]=[],m.delegateCount=0,j.setup&&j.setup.call(a,d,p,k)!==!1||(a.addEventListener?a.addEventListener(o,k,!1):a.attachEvent&&a.attachEvent("on"+o,k))),j.add&&(j.add.call(a,l),l.handler.guid||(l.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,l):m.push(l),n.event.global[o]=!0);a=null}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n.hasData(a)&&n._data(a);if(r&&(k=r.events)){b=(b||"").match(G)||[""],j=b.length;while(j--)if(h=oa.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=k[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),i=f=m.length;while(f--)g=m[f],!e&&q!==g.origType||c&&c.guid!==g.guid||h&&!h.test(g.namespace)||d&&d!==g.selector&&("**"!==d||!g.selector)||(m.splice(f,1),g.selector&&m.delegateCount--,l.remove&&l.remove.call(a,g));i&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete k[o])}else for(o in k)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(k)&&(delete r.handle,n._removeData(a,"events"))}},trigger:function(b,c,e,f){var g,h,i,j,l,m,o,p=[e||d],q=k.call(b,"type")?b.type:b,r=k.call(b,"namespace")?b.namespace.split("."):[];if(i=m=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!na.test(q+n.event.triggered)&&(q.indexOf(".")>-1&&(r=q.split("."),q=r.shift(),r.sort()),h=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=r.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=e),c=null==c?[b]:n.makeArray(c,[b]),l=n.event.special[q]||{},f||!l.trigger||l.trigger.apply(e,c)!==!1)){if(!f&&!l.noBubble&&!n.isWindow(e)){for(j=l.delegateType||q,na.test(j+q)||(i=i.parentNode);i;i=i.parentNode)p.push(i),m=i;m===(e.ownerDocument||d)&&p.push(m.defaultView||m.parentWindow||a)}o=0;while((i=p[o++])&&!b.isPropagationStopped())b.type=o>1?j:l.bindType||q,g=(n._data(i,"events")||{})[b.type]&&n._data(i,"handle"),g&&g.apply(i,c),g=h&&i[h],g&&g.apply&&M(i)&&(b.result=g.apply(i,c),b.result===!1&&b.preventDefault());if(b.type=q,!f&&!b.isDefaultPrevented()&&(!l._default||l._default.apply(p.pop(),c)===!1)&&M(e)&&h&&e[q]&&!n.isWindow(e)){m=e[h],m&&(e[h]=null),n.event.triggered=q;try{e[q]()}catch(s){}n.event.triggered=void 0,m&&(e[h]=m)}return b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,d,f,g,h=[],i=e.call(arguments),j=(n._data(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())a.rnamespace&&!a.rnamespace.test(g.namespace)||(a.handleObj=g,a.data=g.data,d=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==d&&(a.result=d)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&("click"!==a.type||isNaN(a.button)||a.button<1))for(;i!=this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>-1:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h<b.length&&g.push({elem:this,handlers:b.slice(h)}),g},fix:function(a){if(a[n.expando])return a;var b,c,e,f=a.type,g=a,h=this.fixHooks[f];h||(this.fixHooks[f]=h=ma.test(f)?this.mouseHooks:la.test(f)?this.keyHooks:{}),e=h.props?this.props.concat(h.props):this.props,a=new n.Event(g),b=e.length;while(b--)c=e[b],a[c]=g[c];return a.target||(a.target=g.srcElement||d),3===a.target.nodeType&&(a.target=a.target.parentNode),a.metaKey=!!a.metaKey,h.filter?h.filter(a,g):a},props:"altKey bubbles cancelable ctrlKey currentTarget detail eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){return null==a.which&&(a.which=null!=b.charCode?b.charCode:b.keyCode),a}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,b){var c,e,f,g=b.button,h=b.fromElement;return null==a.pageX&&null!=b.clientX&&(e=a.target.ownerDocument||d,f=e.documentElement,c=e.body,a.pageX=b.clientX+(f&&f.scrollLeft||c&&c.scrollLeft||0)-(f&&f.clientLeft||c&&c.clientLeft||0),a.pageY=b.clientY+(f&&f.scrollTop||c&&c.scrollTop||0)-(f&&f.clientTop||c&&c.clientTop||0)),!a.relatedTarget&&h&&(a.relatedTarget=h===a.target?b.toElement:h),a.which||void 0===g||(a.which=1&g?1:2&g?3:4&g?2:0),a}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==ra()&&this.focus)try{return this.focus(),!1}catch(a){}},delegateType:"focusin"},blur:{trigger:function(){return this===ra()&&this.blur?(this.blur(),!1):void 0},delegateType:"focusout"},click:{trigger:function(){return n.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):void 0},_default:function(a){return n.nodeName(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}},simulate:function(a,b,c){var d=n.extend(new n.Event,c,{type:a,isSimulated:!0});n.event.trigger(d,null,b),d.isDefaultPrevented()&&c.preventDefault()}},n.removeEvent=d.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c)}:function(a,b,c){var d="on"+b;a.detachEvent&&("undefined"==typeof a[d]&&(a[d]=null),a.detachEvent(d,c))},n.Event=function(a,b){return this instanceof n.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?pa:qa):this.type=a,b&&n.extend(this,b),this.timeStamp=a&&a.timeStamp||n.now(),void(this[n.expando]=!0)):new n.Event(a,b)},n.Event.prototype={constructor:n.Event,isDefaultPrevented:qa,isPropagationStopped:qa,isImmediatePropagationStopped:qa,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=pa,a&&(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=pa,a&&!this.isSimulated&&(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=pa,a&&a.stopImmediatePropagation&&a.stopImmediatePropagation(),this.stopPropagation()}},n.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){n.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return e&&(e===d||n.contains(d,e))||(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),l.submit||(n.event.special.submit={setup:function(){return n.nodeName(this,"form")?!1:void n.event.add(this,"click._submit keypress._submit",function(a){var b=a.target,c=n.nodeName(b,"input")||n.nodeName(b,"button")?n.prop(b,"form"):void 0;c&&!n._data(c,"submit")&&(n.event.add(c,"submit._submit",function(a){a._submitBubble=!0}),n._data(c,"submit",!0))})},postDispatch:function(a){a._submitBubble&&(delete a._submitBubble,this.parentNode&&!a.isTrigger&&n.event.simulate("submit",this.parentNode,a))},teardown:function(){return n.nodeName(this,"form")?!1:void n.event.remove(this,"._submit")}}),l.change||(n.event.special.change={setup:function(){return ka.test(this.nodeName)?("checkbox"!==this.type&&"radio"!==this.type||(n.event.add(this,"propertychange._change",function(a){"checked"===a.originalEvent.propertyName&&(this._justChanged=!0)}),n.event.add(this,"click._change",function(a){this._justChanged&&!a.isTrigger&&(this._justChanged=!1),n.event.simulate("change",this,a)})),!1):void n.event.add(this,"beforeactivate._change",function(a){var b=a.target;ka.test(b.nodeName)&&!n._data(b,"change")&&(n.event.add(b,"change._change",function(a){!this.parentNode||a.isSimulated||a.isTrigger||n.event.simulate("change",this.parentNode,a)}),n._data(b,"change",!0))})},handle:function(a){var b=a.target;return this!==b||a.isSimulated||a.isTrigger||"radio"!==b.type&&"checkbox"!==b.type?a.handleObj.handler.apply(this,arguments):void 0},teardown:function(){return n.event.remove(this,"._change"),!ka.test(this.nodeName)}}),l.focusin||n.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){n.event.simulate(b,a.target,n.event.fix(a))};n.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=n._data(d,b);e||d.addEventListener(a,c,!0),n._data(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=n._data(d,b)-1;e?n._data(d,b,e):(d.removeEventListener(a,c,!0),n._removeData(d,b))}}}),n.fn.extend({on:function(a,b,c,d){return sa(this,a,b,c,d)},one:function(a,b,c,d){return sa(this,a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,n(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return b!==!1&&"function"!=typeof b||(c=b,b=void 0),c===!1&&(c=qa),this.each(function(){n.event.remove(this,a,c,b)})},trigger:function(a,b){return this.each(function(){n.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];return c?n.event.trigger(a,b,c,!0):void 0}});var ta=/ jQuery\d+="(?:null|\d+)"/g,ua=new RegExp("<(?:"+ba+")[\\s/>]","i"),va=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,wa=/<script|<style|<link/i,xa=/checked\s*(?:[^=]|=\s*.checked.)/i,ya=/^true\/(.*)/,za=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,Aa=ca(d),Ba=Aa.appendChild(d.createElement("div"));function Ca(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function Da(a){return a.type=(null!==n.find.attr(a,"type"))+"/"+a.type,a}function Ea(a){var b=ya.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Fa(a,b){if(1===b.nodeType&&n.hasData(a)){var c,d,e,f=n._data(a),g=n._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;e>d;d++)n.event.add(b,c,h[c][d])}g.data&&(g.data=n.extend({},g.data))}}function Ga(a,b){var c,d,e;if(1===b.nodeType){if(c=b.nodeName.toLowerCase(),!l.noCloneEvent&&b[n.expando]){e=n._data(b);for(d in e.events)n.removeEvent(b,d,e.handle);b.removeAttribute(n.expando)}"script"===c&&b.text!==a.text?(Da(b).text=a.text,Ea(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),l.html5Clone&&a.innerHTML&&!n.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):"input"===c&&Z.test(a.type)?(b.defaultChecked=b.checked=a.checked,b.value!==a.value&&(b.value=a.value)):"option"===c?b.defaultSelected=b.selected=a.defaultSelected:"input"!==c&&"textarea"!==c||(b.defaultValue=a.defaultValue)}}function Ha(a,b,c,d){b=f.apply([],b);var e,g,h,i,j,k,m=0,o=a.length,p=o-1,q=b[0],r=n.isFunction(q);if(r||o>1&&"string"==typeof q&&!l.checkClone&&xa.test(q))return a.each(function(e){var f=a.eq(e);r&&(b[0]=q.call(this,e,f.html())),Ha(f,b,c,d)});if(o&&(k=ja(b,a[0].ownerDocument,!1,a,d),e=k.firstChild,1===k.childNodes.length&&(k=e),e||d)){for(i=n.map(ea(k,"script"),Da),h=i.length;o>m;m++)g=k,m!==p&&(g=n.clone(g,!0,!0),h&&n.merge(i,ea(g,"script"))),c.call(a[m],g,m);if(h)for(j=i[i.length-1].ownerDocument,n.map(i,Ea),m=0;h>m;m++)g=i[m],_.test(g.type||"")&&!n._data(g,"globalEval")&&n.contains(j,g)&&(g.src?n._evalUrl&&n._evalUrl(g.src):n.globalEval((g.text||g.textContent||g.innerHTML||"").replace(za,"")));k=e=null}return a}function Ia(a,b,c){for(var d,e=b?n.filter(b,a):a,f=0;null!=(d=e[f]);f++)c||1!==d.nodeType||n.cleanData(ea(d)),d.parentNode&&(c&&n.contains(d.ownerDocument,d)&&fa(ea(d,"script")),d.parentNode.removeChild(d));return a}n.extend({htmlPrefilter:function(a){return a.replace(va,"<$1></$2>")},clone:function(a,b,c){var d,e,f,g,h,i=n.contains(a.ownerDocument,a);if(l.html5Clone||n.isXMLDoc(a)||!ua.test("<"+a.nodeName+">")?f=a.cloneNode(!0):(Ba.innerHTML=a.outerHTML,Ba.removeChild(f=Ba.firstChild)),!(l.noCloneEvent&&l.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(d=ea(f),h=ea(a),g=0;null!=(e=h[g]);++g)d[g]&&Ga(e,d[g]);if(b)if(c)for(h=h||ea(a),d=d||ea(f),g=0;null!=(e=h[g]);g++)Fa(e,d[g]);else Fa(a,f);return d=ea(f,"script"),d.length>0&&fa(d,!i&&ea(a,"script")),d=h=e=null,f},cleanData:function(a,b){for(var d,e,f,g,h=0,i=n.expando,j=n.cache,k=l.attributes,m=n.event.special;null!=(d=a[h]);h++)if((b||M(d))&&(f=d[i],g=f&&j[f])){if(g.events)for(e in g.events)m[e]?n.event.remove(d,e):n.removeEvent(d,e,g.handle);j[f]&&(delete j[f],k||"undefined"==typeof d.removeAttribute?d[i]=void 0:d.removeAttribute(i),c.push(f))}}}),n.fn.extend({domManip:Ha,detach:function(a){return Ia(this,a,!0)},remove:function(a){return Ia(this,a)},text:function(a){return Y(this,function(a){return void 0===a?n.text(this):this.empty().append((this[0]&&this[0].ownerDocument||d).createTextNode(a))},null,a,arguments.length)},append:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.appendChild(a)}})},prepend:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var a,b=0;null!=(a=this[b]);b++){1===a.nodeType&&n.cleanData(ea(a,!1));while(a.firstChild)a.removeChild(a.firstChild);a.options&&n.nodeName(a,"select")&&(a.options.length=0)}return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return Y(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a)return 1===b.nodeType?b.innerHTML.replace(ta,""):void 0;if("string"==typeof a&&!wa.test(a)&&(l.htmlSerialize||!ua.test(a))&&(l.leadingWhitespace||!aa.test(a))&&!da[($.exec(a)||["",""])[1].toLowerCase()]){a=n.htmlPrefilter(a);try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(ea(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=[];return Ha(this,arguments,function(b){var c=this.parentNode;n.inArray(this,a)<0&&(n.cleanData(ea(this)),c&&c.replaceChild(b,this))},a)}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=0,e=[],f=n(a),h=f.length-1;h>=d;d++)c=d===h?this:this.clone(!0),n(f[d])[b](c),g.apply(e,c.get());return this.pushStack(e)}});var Ja,Ka={HTML:"block",BODY:"block"};function La(a,b){var c=n(b.createElement(a)).appendTo(b.body),d=n.css(c[0],"display");return c.detach(),d}function Ma(a){var b=d,c=Ka[a];return c||(c=La(a,b),"none"!==c&&c||(Ja=(Ja||n("<iframe frameborder='0' width='0' height='0'/>")).appendTo(b.documentElement),b=(Ja[0].contentWindow||Ja[0].contentDocument).document,b.write(),b.close(),c=La(a,b),Ja.detach()),Ka[a]=c),c}var Na=/^margin/,Oa=new RegExp("^("+T+")(?!px)[a-z%]+$","i"),Pa=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e},Qa=d.documentElement;!function(){var b,c,e,f,g,h,i=d.createElement("div"),j=d.createElement("div");if(j.style){j.style.cssText="float:left;opacity:.5",l.opacity="0.5"===j.style.opacity,l.cssFloat=!!j.style.cssFloat,j.style.backgroundClip="content-box",j.cloneNode(!0).style.backgroundClip="",l.clearCloneStyle="content-box"===j.style.backgroundClip,i=d.createElement("div"),i.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",j.innerHTML="",i.appendChild(j),l.boxSizing=""===j.style.boxSizing||""===j.style.MozBoxSizing||""===j.style.WebkitBoxSizing,n.extend(l,{reliableHiddenOffsets:function(){return null==b&&k(),f},boxSizingReliable:function(){return null==b&&k(),e},pixelMarginRight:function(){return null==b&&k(),c},pixelPosition:function(){return null==b&&k(),b},reliableMarginRight:function(){return null==b&&k(),g},reliableMarginLeft:function(){return null==b&&k(),h}});function k(){var k,l,m=d.documentElement;m.appendChild(i),j.style.cssText="-webkit-box-sizing:border-box;box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",b=e=h=!1,c=g=!0,a.getComputedStyle&&(l=a.getComputedStyle(j),b="1%"!==(l||{}).top,h="2px"===(l||{}).marginLeft,e="4px"===(l||{width:"4px"}).width,j.style.marginRight="50%",c="4px"===(l||{marginRight:"4px"}).marginRight,k=j.appendChild(d.createElement("div")),k.style.cssText=j.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:0",k.style.marginRight=k.style.width="0",j.style.width="1px",g=!parseFloat((a.getComputedStyle(k)||{}).marginRight),j.removeChild(k)),j.style.display="none",f=0===j.getClientRects().length,f&&(j.style.display="",j.innerHTML="<table><tr><td></td><td>t</td></tr></table>",j.childNodes[0].style.borderCollapse="separate",k=j.getElementsByTagName("td"),k[0].style.cssText="margin:0;border:0;padding:0;display:none",f=0===k[0].offsetHeight,f&&(k[0].style.display="",k[1].style.display="none",f=0===k[0].offsetHeight)),m.removeChild(i)}}}();var Ra,Sa,Ta=/^(top|right|bottom|left)$/;a.getComputedStyle?(Ra=function(b){var c=b.ownerDocument.defaultView;return c&&c.opener||(c=a),c.getComputedStyle(b)},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c.getPropertyValue(b)||c[b]:void 0,""!==g&&void 0!==g||n.contains(a.ownerDocument,a)||(g=n.style(a,b)),c&&!l.pixelMarginRight()&&Oa.test(g)&&Na.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f),void 0===g?g:g+""}):Qa.currentStyle&&(Ra=function(a){return a.currentStyle},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c[b]:void 0,null==g&&h&&h[b]&&(g=h[b]),Oa.test(g)&&!Ta.test(b)&&(d=h.left,e=a.runtimeStyle,f=e&&e.left,f&&(e.left=a.currentStyle.left),h.left="fontSize"===b?"1em":g,g=h.pixelLeft+"px",h.left=d,f&&(e.left=f)),void 0===g?g:g+""||"auto"});function Ua(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}var Va=/alpha\([^)]*\)/i,Wa=/opacity\s*=\s*([^)]*)/i,Xa=/^(none|table(?!-c[ea]).+)/,Ya=new RegExp("^("+T+")(.*)$","i"),Za={position:"absolute",visibility:"hidden",display:"block"},$a={letterSpacing:"0",fontWeight:"400"},_a=["Webkit","O","Moz","ms"],ab=d.createElement("div").style;function bb(a){if(a in ab)return a;var b=a.charAt(0).toUpperCase()+a.slice(1),c=_a.length;while(c--)if(a=_a[c]+b,a in ab)return a}function cb(a,b){for(var c,d,e,f=[],g=0,h=a.length;h>g;g++)d=a[g],d.style&&(f[g]=n._data(d,"olddisplay"),c=d.style.display,b?(f[g]||"none"!==c||(d.style.display=""),""===d.style.display&&W(d)&&(f[g]=n._data(d,"olddisplay",Ma(d.nodeName)))):(e=W(d),(c&&"none"!==c||!e)&&n._data(d,"olddisplay",e?c:n.css(d,"display"))));for(g=0;h>g;g++)d=a[g],d.style&&(b&&"none"!==d.style.display&&""!==d.style.display||(d.style.display=b?f[g]||"":"none"));return a}function db(a,b,c){var d=Ya.exec(b);return d?Math.max(0,d[1]-(c||0))+(d[2]||"px"):b}function eb(a,b,c,d,e){for(var f=c===(d?"border":"content")?4:"width"===b?1:0,g=0;4>f;f+=2)"margin"===c&&(g+=n.css(a,c+V[f],!0,e)),d?("content"===c&&(g-=n.css(a,"padding"+V[f],!0,e)),"margin"!==c&&(g-=n.css(a,"border"+V[f]+"Width",!0,e))):(g+=n.css(a,"padding"+V[f],!0,e),"padding"!==c&&(g+=n.css(a,"border"+V[f]+"Width",!0,e)));return g}function fb(a,b,c){var d=!0,e="width"===b?a.offsetWidth:a.offsetHeight,f=Ra(a),g=l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,f);if(0>=e||null==e){if(e=Sa(a,b,f),(0>e||null==e)&&(e=a.style[b]),Oa.test(e))return e;d=g&&(l.boxSizingReliable()||e===a.style[b]),e=parseFloat(e)||0}return e+eb(a,b,c||(g?"border":"content"),d,f)+"px"}n.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=Sa(a,"opacity");return""===c?"1":c}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":l.cssFloat?"cssFloat":"styleFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=n.camelCase(b),i=a.style;if(b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],void 0===c)return g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:i[b];if(f=typeof c,"string"===f&&(e=U.exec(c))&&e[1]&&(c=X(a,b,e),f="number"),null!=c&&c===c&&("number"===f&&(c+=e&&e[3]||(n.cssNumber[h]?"":"px")),l.clearCloneStyle||""!==c||0!==b.indexOf("background")||(i[b]="inherit"),!(g&&"set"in g&&void 0===(c=g.set(a,c,d)))))try{i[b]=c}catch(j){}}},css:function(a,b,c,d){var e,f,g,h=n.camelCase(b);return b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],g&&"get"in g&&(f=g.get(a,!0,c)),void 0===f&&(f=Sa(a,b,d)),"normal"===f&&b in $a&&(f=$a[b]),""===c||c?(e=parseFloat(f),c===!0||isFinite(e)?e||0:f):f}}),n.each(["height","width"],function(a,b){n.cssHooks[b]={get:function(a,c,d){return c?Xa.test(n.css(a,"display"))&&0===a.offsetWidth?Pa(a,Za,function(){return fb(a,b,d)}):fb(a,b,d):void 0},set:function(a,c,d){var e=d&&Ra(a);return db(a,c,d?eb(a,b,d,l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,e),e):0)}}}),l.opacity||(n.cssHooks.opacity={get:function(a,b){return Wa.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=n.isNumeric(b)?"alpha(opacity="+100*b+")":"",f=d&&d.filter||c.filter||"";c.zoom=1,(b>=1||""===b)&&""===n.trim(f.replace(Va,""))&&c.removeAttribute&&(c.removeAttribute("filter"),""===b||d&&!d.filter)||(c.filter=Va.test(f)?f.replace(Va,e):f+" "+e)}}),n.cssHooks.marginRight=Ua(l.reliableMarginRight,function(a,b){return b?Pa(a,{display:"inline-block"},Sa,[a,"marginRight"]):void 0}),n.cssHooks.marginLeft=Ua(l.reliableMarginLeft,function(a,b){return b?(parseFloat(Sa(a,"marginLeft"))||(n.contains(a.ownerDocument,a)?a.getBoundingClientRect().left-Pa(a,{
marginLeft:0},function(){return a.getBoundingClientRect().left}):0))+"px":void 0}),n.each({margin:"",padding:"",border:"Width"},function(a,b){n.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];4>d;d++)e[a+V[d]+b]=f[d]||f[d-2]||f[0];return e}},Na.test(a)||(n.cssHooks[a+b].set=db)}),n.fn.extend({css:function(a,b){return Y(this,function(a,b,c){var d,e,f={},g=0;if(n.isArray(b)){for(d=Ra(a),e=b.length;e>g;g++)f[b[g]]=n.css(a,b[g],!1,d);return f}return void 0!==c?n.style(a,b,c):n.css(a,b)},a,b,arguments.length>1)},show:function(){return cb(this,!0)},hide:function(){return cb(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){W(this)?n(this).show():n(this).hide()})}});function gb(a,b,c,d,e){return new gb.prototype.init(a,b,c,d,e)}n.Tween=gb,gb.prototype={constructor:gb,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||n.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(n.cssNumber[c]?"":"px")},cur:function(){var a=gb.propHooks[this.prop];return a&&a.get?a.get(this):gb.propHooks._default.get(this)},run:function(a){var b,c=gb.propHooks[this.prop];return this.options.duration?this.pos=b=n.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):gb.propHooks._default.set(this),this}},gb.prototype.init.prototype=gb.prototype,gb.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=n.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){n.fx.step[a.prop]?n.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[n.cssProps[a.prop]]&&!n.cssHooks[a.prop]?a.elem[a.prop]=a.now:n.style(a.elem,a.prop,a.now+a.unit)}}},gb.propHooks.scrollTop=gb.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},n.fx=gb.prototype.init,n.fx.step={};var hb,ib,jb=/^(?:toggle|show|hide)$/,kb=/queueHooks$/;function lb(){return a.setTimeout(function(){hb=void 0}),hb=n.now()}function mb(a,b){var c,d={height:a},e=0;for(b=b?1:0;4>e;e+=2-b)c=V[e],d["margin"+c]=d["padding"+c]=a;return b&&(d.opacity=d.width=a),d}function nb(a,b,c){for(var d,e=(qb.tweeners[b]||[]).concat(qb.tweeners["*"]),f=0,g=e.length;g>f;f++)if(d=e[f].call(c,b,a))return d}function ob(a,b,c){var d,e,f,g,h,i,j,k,m=this,o={},p=a.style,q=a.nodeType&&W(a),r=n._data(a,"fxshow");c.queue||(h=n._queueHooks(a,"fx"),null==h.unqueued&&(h.unqueued=0,i=h.empty.fire,h.empty.fire=function(){h.unqueued||i()}),h.unqueued++,m.always(function(){m.always(function(){h.unqueued--,n.queue(a,"fx").length||h.empty.fire()})})),1===a.nodeType&&("height"in b||"width"in b)&&(c.overflow=[p.overflow,p.overflowX,p.overflowY],j=n.css(a,"display"),k="none"===j?n._data(a,"olddisplay")||Ma(a.nodeName):j,"inline"===k&&"none"===n.css(a,"float")&&(l.inlineBlockNeedsLayout&&"inline"!==Ma(a.nodeName)?p.zoom=1:p.display="inline-block")),c.overflow&&(p.overflow="hidden",l.shrinkWrapBlocks()||m.always(function(){p.overflow=c.overflow[0],p.overflowX=c.overflow[1],p.overflowY=c.overflow[2]}));for(d in b)if(e=b[d],jb.exec(e)){if(delete b[d],f=f||"toggle"===e,e===(q?"hide":"show")){if("show"!==e||!r||void 0===r[d])continue;q=!0}o[d]=r&&r[d]||n.style(a,d)}else j=void 0;if(n.isEmptyObject(o))"inline"===("none"===j?Ma(a.nodeName):j)&&(p.display=j);else{r?"hidden"in r&&(q=r.hidden):r=n._data(a,"fxshow",{}),f&&(r.hidden=!q),q?n(a).show():m.done(function(){n(a).hide()}),m.done(function(){var b;n._removeData(a,"fxshow");for(b in o)n.style(a,b,o[b])});for(d in o)g=nb(q?r[d]:0,d,m),d in r||(r[d]=g.start,q&&(g.end=g.start,g.start="width"===d||"height"===d?1:0))}}function pb(a,b){var c,d,e,f,g;for(c in a)if(d=n.camelCase(c),e=b[d],f=a[c],n.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=n.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function qb(a,b,c){var d,e,f=0,g=qb.prefilters.length,h=n.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=hb||lb(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;i>g;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),1>f&&i?c:(h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:n.extend({},b),opts:n.extend(!0,{specialEasing:{},easing:n.easing._default},c),originalProperties:b,originalOptions:c,startTime:hb||lb(),duration:c.duration,tweens:[],createTween:function(b,c){var d=n.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;d>c;c++)j.tweens[c].run(1);return b?(h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j,b])):h.rejectWith(a,[j,b]),this}}),k=j.props;for(pb(k,j.opts.specialEasing);g>f;f++)if(d=qb.prefilters[f].call(j,a,k,j.opts))return n.isFunction(d.stop)&&(n._queueHooks(j.elem,j.opts.queue).stop=n.proxy(d.stop,d)),d;return n.map(k,nb,j),n.isFunction(j.opts.start)&&j.opts.start.call(a,j),n.fx.timer(n.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always)}n.Animation=n.extend(qb,{tweeners:{"*":[function(a,b){var c=this.createTween(a,b);return X(c.elem,a,U.exec(b),c),c}]},tweener:function(a,b){n.isFunction(a)?(b=a,a=["*"]):a=a.match(G);for(var c,d=0,e=a.length;e>d;d++)c=a[d],qb.tweeners[c]=qb.tweeners[c]||[],qb.tweeners[c].unshift(b)},prefilters:[ob],prefilter:function(a,b){b?qb.prefilters.unshift(a):qb.prefilters.push(a)}}),n.speed=function(a,b,c){var d=a&&"object"==typeof a?n.extend({},a):{complete:c||!c&&b||n.isFunction(a)&&a,duration:a,easing:c&&b||b&&!n.isFunction(b)&&b};return d.duration=n.fx.off?0:"number"==typeof d.duration?d.duration:d.duration in n.fx.speeds?n.fx.speeds[d.duration]:n.fx.speeds._default,null!=d.queue&&d.queue!==!0||(d.queue="fx"),d.old=d.complete,d.complete=function(){n.isFunction(d.old)&&d.old.call(this),d.queue&&n.dequeue(this,d.queue)},d},n.fn.extend({fadeTo:function(a,b,c,d){return this.filter(W).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=n.isEmptyObject(a),f=n.speed(b,c,d),g=function(){var b=qb(this,n.extend({},a),f);(e||n._data(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=n.timers,g=n._data(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&kb.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));!b&&c||n.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=n._data(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=n.timers,g=d?d.length:0;for(c.finish=!0,n.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;g>b;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),n.each(["toggle","show","hide"],function(a,b){var c=n.fn[b];n.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(mb(b,!0),a,d,e)}}),n.each({slideDown:mb("show"),slideUp:mb("hide"),slideToggle:mb("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){n.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),n.timers=[],n.fx.tick=function(){var a,b=n.timers,c=0;for(hb=n.now();c<b.length;c++)a=b[c],a()||b[c]!==a||b.splice(c--,1);b.length||n.fx.stop(),hb=void 0},n.fx.timer=function(a){n.timers.push(a),a()?n.fx.start():n.timers.pop()},n.fx.interval=13,n.fx.start=function(){ib||(ib=a.setInterval(n.fx.tick,n.fx.interval))},n.fx.stop=function(){a.clearInterval(ib),ib=null},n.fx.speeds={slow:600,fast:200,_default:400},n.fn.delay=function(b,c){return b=n.fx?n.fx.speeds[b]||b:b,c=c||"fx",this.queue(c,function(c,d){var e=a.setTimeout(c,b);d.stop=function(){a.clearTimeout(e)}})},function(){var a,b=d.createElement("input"),c=d.createElement("div"),e=d.createElement("select"),f=e.appendChild(d.createElement("option"));c=d.createElement("div"),c.setAttribute("className","t"),c.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",a=c.getElementsByTagName("a")[0],b.setAttribute("type","checkbox"),c.appendChild(b),a=c.getElementsByTagName("a")[0],a.style.cssText="top:1px",l.getSetAttribute="t"!==c.className,l.style=/top/.test(a.getAttribute("style")),l.hrefNormalized="/a"===a.getAttribute("href"),l.checkOn=!!b.value,l.optSelected=f.selected,l.enctype=!!d.createElement("form").enctype,e.disabled=!0,l.optDisabled=!f.disabled,b=d.createElement("input"),b.setAttribute("value",""),l.input=""===b.getAttribute("value"),b.value="t",b.setAttribute("type","radio"),l.radioValue="t"===b.value}();var rb=/\r/g,sb=/[\x20\t\r\n\f]+/g;n.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=n.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,n(this).val()):a,null==e?e="":"number"==typeof e?e+="":n.isArray(e)&&(e=n.map(e,function(a){return null==a?"":a+""})),b=n.valHooks[this.type]||n.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=n.valHooks[e.type]||n.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(rb,""):null==c?"":c)}}}),n.extend({valHooks:{option:{get:function(a){var b=n.find.attr(a,"value");return null!=b?b:n.trim(n.text(a)).replace(sb," ")}},select:{get:function(a){for(var b,c,d=a.options,e=a.selectedIndex,f="select-one"===a.type||0>e,g=f?null:[],h=f?e+1:d.length,i=0>e?h:f?e:0;h>i;i++)if(c=d[i],(c.selected||i===e)&&(l.optDisabled?!c.disabled:null===c.getAttribute("disabled"))&&(!c.parentNode.disabled||!n.nodeName(c.parentNode,"optgroup"))){if(b=n(c).val(),f)return b;g.push(b)}return g},set:function(a,b){var c,d,e=a.options,f=n.makeArray(b),g=e.length;while(g--)if(d=e[g],n.inArray(n.valHooks.option.get(d),f)>-1)try{d.selected=c=!0}catch(h){d.scrollHeight}else d.selected=!1;return c||(a.selectedIndex=-1),e}}}}),n.each(["radio","checkbox"],function(){n.valHooks[this]={set:function(a,b){return n.isArray(b)?a.checked=n.inArray(n(a).val(),b)>-1:void 0}},l.checkOn||(n.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var tb,ub,vb=n.expr.attrHandle,wb=/^(?:checked|selected)$/i,xb=l.getSetAttribute,yb=l.input;n.fn.extend({attr:function(a,b){return Y(this,n.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){n.removeAttr(this,a)})}}),n.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?n.prop(a,b,c):(1===f&&n.isXMLDoc(a)||(b=b.toLowerCase(),e=n.attrHooks[b]||(n.expr.match.bool.test(b)?ub:tb)),void 0!==c?null===c?void n.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=n.find.attr(a,b),null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!l.radioValue&&"radio"===b&&n.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d,e=0,f=b&&b.match(G);if(f&&1===a.nodeType)while(c=f[e++])d=n.propFix[c]||c,n.expr.match.bool.test(c)?yb&&xb||!wb.test(c)?a[d]=!1:a[n.camelCase("default-"+c)]=a[d]=!1:n.attr(a,c,""),a.removeAttribute(xb?c:d)}}),ub={set:function(a,b,c){return b===!1?n.removeAttr(a,c):yb&&xb||!wb.test(c)?a.setAttribute(!xb&&n.propFix[c]||c,c):a[n.camelCase("default-"+c)]=a[c]=!0,c}},n.each(n.expr.match.bool.source.match(/\w+/g),function(a,b){var c=vb[b]||n.find.attr;yb&&xb||!wb.test(b)?vb[b]=function(a,b,d){var e,f;return d||(f=vb[b],vb[b]=e,e=null!=c(a,b,d)?b.toLowerCase():null,vb[b]=f),e}:vb[b]=function(a,b,c){return c?void 0:a[n.camelCase("default-"+b)]?b.toLowerCase():null}}),yb&&xb||(n.attrHooks.value={set:function(a,b,c){return n.nodeName(a,"input")?void(a.defaultValue=b):tb&&tb.set(a,b,c)}}),xb||(tb={set:function(a,b,c){var d=a.getAttributeNode(c);return d||a.setAttributeNode(d=a.ownerDocument.createAttribute(c)),d.value=b+="","value"===c||b===a.getAttribute(c)?b:void 0}},vb.id=vb.name=vb.coords=function(a,b,c){var d;return c?void 0:(d=a.getAttributeNode(b))&&""!==d.value?d.value:null},n.valHooks.button={get:function(a,b){var c=a.getAttributeNode(b);return c&&c.specified?c.value:void 0},set:tb.set},n.attrHooks.contenteditable={set:function(a,b,c){tb.set(a,""===b?!1:b,c)}},n.each(["width","height"],function(a,b){n.attrHooks[b]={set:function(a,c){return""===c?(a.setAttribute(b,"auto"),c):void 0}}})),l.style||(n.attrHooks.style={get:function(a){return a.style.cssText||void 0},set:function(a,b){return a.style.cssText=b+""}});var zb=/^(?:input|select|textarea|button|object)$/i,Ab=/^(?:a|area)$/i;n.fn.extend({prop:function(a,b){return Y(this,n.prop,a,b,arguments.length>1)},removeProp:function(a){return a=n.propFix[a]||a,this.each(function(){try{this[a]=void 0,delete this[a]}catch(b){}})}}),n.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&n.isXMLDoc(a)||(b=n.propFix[b]||b,e=n.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=n.find.attr(a,"tabindex");return b?parseInt(b,10):zb.test(a.nodeName)||Ab.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),l.hrefNormalized||n.each(["href","src"],function(a,b){n.propHooks[b]={get:function(a){return a.getAttribute(b,4)}}}),l.optSelected||(n.propHooks.selected={get:function(a){var b=a.parentNode;return b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex),null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),n.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){n.propFix[this.toLowerCase()]=this}),l.enctype||(n.propFix.enctype="encoding");var Bb=/[\t\r\n\f]/g;function Cb(a){return n.attr(a,"class")||""}n.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).addClass(a.call(this,b,Cb(this)))});if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,Cb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):n.isFunction(a)?this.each(function(c){n(this).toggleClass(a.call(this,c,Cb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=n(this),f=a.match(G)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=Cb(this),b&&n._data(this,"__className__",b),n.attr(this,"class",b||a===!1?"":n._data(this,"__className__")||""))})},hasClass:function(a){var b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+Cb(c)+" ").replace(Bb," ").indexOf(b)>-1)return!0;return!1}}),n.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){n.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),n.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var Db=a.location,Eb=n.now(),Fb=/\?/,Gb=/(,)|(\[|{)|(}|])|"(?:[^"\\\r\n]|\\["\\\/bfnrt]|\\u[\da-fA-F]{4})*"\s*:?|true|false|null|-?(?!0\d)\d+(?:\.\d+|)(?:[eE][+-]?\d+|)/g;n.parseJSON=function(b){if(a.JSON&&a.JSON.parse)return a.JSON.parse(b+"");var c,d=null,e=n.trim(b+"");return e&&!n.trim(e.replace(Gb,function(a,b,e,f){return c&&b&&(d=0),0===d?a:(c=e||b,d+=!f-!e,"")}))?Function("return "+e)():n.error("Invalid JSON: "+b)},n.parseXML=function(b){var c,d;if(!b||"string"!=typeof b)return null;try{a.DOMParser?(d=new a.DOMParser,c=d.parseFromString(b,"text/xml")):(c=new a.ActiveXObject("Microsoft.XMLDOM"),c.async="false",c.loadXML(b))}catch(e){c=void 0}return c&&c.documentElement&&!c.getElementsByTagName("parsererror").length||n.error("Invalid XML: "+b),c};var Hb=/#.*$/,Ib=/([?&])_=[^&]*/,Jb=/^(.*?):[ \t]*([^\r\n]*)\r?$/gm,Kb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Lb=/^(?:GET|HEAD)$/,Mb=/^\/\//,Nb=/^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/,Ob={},Pb={},Qb="*/".concat("*"),Rb=Db.href,Sb=Nb.exec(Rb.toLowerCase())||[];function Tb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(G)||[];if(n.isFunction(c))while(d=f[e++])"+"===d.charAt(0)?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Ub(a,b,c,d){var e={},f=a===Pb;function g(h){var i;return e[h]=!0,n.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function Vb(a,b){var c,d,e=n.ajaxSettings.flatOptions||{};for(d in b)void 0!==b[d]&&((e[d]?a:c||(c={}))[d]=b[d]);return c&&n.extend(!0,a,c),a}function Wb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType||b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]||a.converters[g+" "+i[0]]){f=g;break}d||(d=g)}f=f||d}return f?(f!==i[0]&&i.unshift(f),c[f]):void 0}function Xb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}n.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Rb,type:"GET",isLocal:Kb.test(Sb[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Qb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":n.parseJSON,"text xml":n.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Vb(Vb(a,n.ajaxSettings),b):Vb(n.ajaxSettings,a)},ajaxPrefilter:Tb(Ob),ajaxTransport:Tb(Pb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var d,e,f,g,h,i,j,k,l=n.ajaxSetup({},c),m=l.context||l,o=l.context&&(m.nodeType||m.jquery)?n(m):n.event,p=n.Deferred(),q=n.Callbacks("once memory"),r=l.statusCode||{},s={},t={},u=0,v="canceled",w={readyState:0,getResponseHeader:function(a){var b;if(2===u){if(!k){k={};while(b=Jb.exec(g))k[b[1].toLowerCase()]=b[2]}b=k[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return 2===u?g:null},setRequestHeader:function(a,b){var c=a.toLowerCase();return u||(a=t[c]=t[c]||a,s[a]=b),this},overrideMimeType:function(a){return u||(l.mimeType=a),this},statusCode:function(a){var b;if(a)if(2>u)for(b in a)r[b]=[r[b],a[b]];else w.always(a[w.status]);return this},abort:function(a){var b=a||v;return j&&j.abort(b),y(0,b),this}};if(p.promise(w).complete=q.add,w.success=w.done,w.error=w.fail,l.url=((b||l.url||Rb)+"").replace(Hb,"").replace(Mb,Sb[1]+"//"),l.type=c.method||c.type||l.method||l.type,l.dataTypes=n.trim(l.dataType||"*").toLowerCase().match(G)||[""],null==l.crossDomain&&(d=Nb.exec(l.url.toLowerCase()),l.crossDomain=!(!d||d[1]===Sb[1]&&d[2]===Sb[2]&&(d[3]||("http:"===d[1]?"80":"443"))===(Sb[3]||("http:"===Sb[1]?"80":"443")))),l.data&&l.processData&&"string"!=typeof l.data&&(l.data=n.param(l.data,l.traditional)),Ub(Ob,l,c,w),2===u)return w;i=n.event&&l.global,i&&0===n.active++&&n.event.trigger("ajaxStart"),l.type=l.type.toUpperCase(),l.hasContent=!Lb.test(l.type),f=l.url,l.hasContent||(l.data&&(f=l.url+=(Fb.test(f)?"&":"?")+l.data,delete l.data),l.cache===!1&&(l.url=Ib.test(f)?f.replace(Ib,"$1_="+Eb++):f+(Fb.test(f)?"&":"?")+"_="+Eb++)),l.ifModified&&(n.lastModified[f]&&w.setRequestHeader("If-Modified-Since",n.lastModified[f]),n.etag[f]&&w.setRequestHeader("If-None-Match",n.etag[f])),(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&w.setRequestHeader("Content-Type",l.contentType),w.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+("*"!==l.dataTypes[0]?", "+Qb+"; q=0.01":""):l.accepts["*"]);for(e in l.headers)w.setRequestHeader(e,l.headers[e]);if(l.beforeSend&&(l.beforeSend.call(m,w,l)===!1||2===u))return w.abort();v="abort";for(e in{success:1,error:1,complete:1})w[e](l[e]);if(j=Ub(Pb,l,c,w)){if(w.readyState=1,i&&o.trigger("ajaxSend",[w,l]),2===u)return w;l.async&&l.timeout>0&&(h=a.setTimeout(function(){w.abort("timeout")},l.timeout));try{u=1,j.send(s,y)}catch(x){if(!(2>u))throw x;y(-1,x)}}else y(-1,"No Transport");function y(b,c,d,e){var k,s,t,v,x,y=c;2!==u&&(u=2,h&&a.clearTimeout(h),j=void 0,g=e||"",w.readyState=b>0?4:0,k=b>=200&&300>b||304===b,d&&(v=Wb(l,w,d)),v=Xb(l,v,w,k),k?(l.ifModified&&(x=w.getResponseHeader("Last-Modified"),x&&(n.lastModified[f]=x),x=w.getResponseHeader("etag"),x&&(n.etag[f]=x)),204===b||"HEAD"===l.type?y="nocontent":304===b?y="notmodified":(y=v.state,s=v.data,t=v.error,k=!t)):(t=y,!b&&y||(y="error",0>b&&(b=0))),w.status=b,w.statusText=(c||y)+"",k?p.resolveWith(m,[s,y,w]):p.rejectWith(m,[w,y,t]),w.statusCode(r),r=void 0,i&&o.trigger(k?"ajaxSuccess":"ajaxError",[w,l,k?s:t]),q.fireWith(m,[w,y]),i&&(o.trigger("ajaxComplete",[w,l]),--n.active||n.event.trigger("ajaxStop")))}return w},getJSON:function(a,b,c){return n.get(a,b,c,"json")},getScript:function(a,b){return n.get(a,void 0,b,"script")}}),n.each(["get","post"],function(a,b){n[b]=function(a,c,d,e){return n.isFunction(c)&&(e=e||d,d=c,c=void 0),n.ajax(n.extend({url:a,type:b,dataType:e,data:c,success:d},n.isPlainObject(a)&&a))}}),n._evalUrl=function(a){return n.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},n.fn.extend({wrapAll:function(a){if(n.isFunction(a))return this.each(function(b){n(this).wrapAll(a.call(this,b))});if(this[0]){var b=n(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&1===a.firstChild.nodeType)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return n.isFunction(a)?this.each(function(b){n(this).wrapInner(a.call(this,b))}):this.each(function(){var b=n(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=n.isFunction(a);return this.each(function(c){n(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){n.nodeName(this,"body")||n(this).replaceWith(this.childNodes)}).end()}});function Yb(a){return a.style&&a.style.display||n.css(a,"display")}function Zb(a){if(!n.contains(a.ownerDocument||d,a))return!0;while(a&&1===a.nodeType){if("none"===Yb(a)||"hidden"===a.type)return!0;a=a.parentNode}return!1}n.expr.filters.hidden=function(a){return l.reliableHiddenOffsets()?a.offsetWidth<=0&&a.offsetHeight<=0&&!a.getClientRects().length:Zb(a)},n.expr.filters.visible=function(a){return!n.expr.filters.hidden(a)};var $b=/%20/g,_b=/\[\]$/,ac=/\r?\n/g,bc=/^(?:submit|button|image|reset|file)$/i,cc=/^(?:input|select|textarea|keygen)/i;function dc(a,b,c,d){var e;if(n.isArray(b))n.each(b,function(b,e){c||_b.test(a)?d(a,e):dc(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==n.type(b))d(a,b);else for(e in b)dc(a+"["+e+"]",b[e],c,d)}n.param=function(a,b){var c,d=[],e=function(a,b){b=n.isFunction(b)?b():null==b?"":b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};if(void 0===b&&(b=n.ajaxSettings&&n.ajaxSettings.traditional),n.isArray(a)||a.jquery&&!n.isPlainObject(a))n.each(a,function(){e(this.name,this.value)});else for(c in a)dc(c,a[c],b,e);return d.join("&").replace($b,"+")},n.fn.extend({serialize:function(){return n.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=n.prop(this,"elements");return a?n.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!n(this).is(":disabled")&&cc.test(this.nodeName)&&!bc.test(a)&&(this.checked||!Z.test(a))}).map(function(a,b){var c=n(this).val();return null==c?null:n.isArray(c)?n.map(c,function(a){return{name:b.name,value:a.replace(ac,"\r\n")}}):{name:b.name,value:c.replace(ac,"\r\n")}}).get()}}),n.ajaxSettings.xhr=void 0!==a.ActiveXObject?function(){return this.isLocal?ic():d.documentMode>8?hc():/^(get|post|head|put|delete|options)$/i.test(this.type)&&hc()||ic()}:hc;var ec=0,fc={},gc=n.ajaxSettings.xhr();a.attachEvent&&a.attachEvent("onunload",function(){for(var a in fc)fc[a](void 0,!0)}),l.cors=!!gc&&"withCredentials"in gc,gc=l.ajax=!!gc,gc&&n.ajaxTransport(function(b){if(!b.crossDomain||l.cors){var c;return{send:function(d,e){var f,g=b.xhr(),h=++ec;if(g.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(f in b.xhrFields)g[f]=b.xhrFields[f];b.mimeType&&g.overrideMimeType&&g.overrideMimeType(b.mimeType),b.crossDomain||d["X-Requested-With"]||(d["X-Requested-With"]="XMLHttpRequest");for(f in d)void 0!==d[f]&&g.setRequestHeader(f,d[f]+"");g.send(b.hasContent&&b.data||null),c=function(a,d){var f,i,j;if(c&&(d||4===g.readyState))if(delete fc[h],c=void 0,g.onreadystatechange=n.noop,d)4!==g.readyState&&g.abort();else{j={},f=g.status,"string"==typeof g.responseText&&(j.text=g.responseText);try{i=g.statusText}catch(k){i=""}f||!b.isLocal||b.crossDomain?1223===f&&(f=204):f=j.text?200:404}j&&e(f,i,j,g.getAllResponseHeaders())},b.async?4===g.readyState?a.setTimeout(c):g.onreadystatechange=fc[h]=c:c()},abort:function(){c&&c(void 0,!0)}}}});function hc(){try{return new a.XMLHttpRequest}catch(b){}}function ic(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}n.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return n.globalEval(a),a}}}),n.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),n.ajaxTransport("script",function(a){if(a.crossDomain){var b,c=d.head||n("head")[0]||d.documentElement;return{send:function(e,f){b=d.createElement("script"),b.async=!0,a.scriptCharset&&(b.charset=a.scriptCharset),b.src=a.url,b.onload=b.onreadystatechange=function(a,c){(c||!b.readyState||/loaded|complete/.test(b.readyState))&&(b.onload=b.onreadystatechange=null,b.parentNode&&b.parentNode.removeChild(b),b=null,c||f(200,"success"))},c.insertBefore(b,c.firstChild)},abort:function(){b&&b.onload(void 0,!0)}}}});var jc=[],kc=/(=)\?(?=&|$)|\?\?/;n.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=jc.pop()||n.expando+"_"+Eb++;return this[a]=!0,a}}),n.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(kc.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&kc.test(b.data)&&"data");return h||"jsonp"===b.dataTypes[0]?(e=b.jsonpCallback=n.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(kc,"$1"+e):b.jsonp!==!1&&(b.url+=(Fb.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||n.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){void 0===f?n(a).removeProp(e):a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,jc.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a||"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b||d;var e=x.exec(a),f=!c&&[];return e?[b.createElement(e[1])]:(e=ja([a],b,f),f&&f.length&&n(f).remove(),n.merge([],e.childNodes))};var lc=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&lc)return lc.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h,a.length)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&n.ajax({url:a,type:e||"GET",dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?n("<div>").append(n.parseHTML(a)).find(d):a)}).always(c&&function(a,b){g.each(function(){c.apply(this,f||[a.responseText,b,a])})}),this},n.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){n.fn[b]=function(a){return this.on(b,a)}}),n.expr.filters.animated=function(a){return n.grep(n.timers,function(b){return a===b.elem}).length};function mc(a){return n.isWindow(a)?a:9===a.nodeType?a.defaultView||a.parentWindow:!1}n.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=n.css(a,"position"),l=n(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=n.css(a,"top"),i=n.css(a,"left"),j=("absolute"===k||"fixed"===k)&&n.inArray("auto",[f,i])>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),n.isFunction(b)&&(b=b.call(a,c,n.extend({},h))),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},n.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){n.offset.setOffset(this,a,b)});var b,c,d={top:0,left:0},e=this[0],f=e&&e.ownerDocument;if(f)return b=f.documentElement,n.contains(b,e)?("undefined"!=typeof e.getBoundingClientRect&&(d=e.getBoundingClientRect()),c=mc(f),{top:d.top+(c.pageYOffset||b.scrollTop)-(b.clientTop||0),left:d.left+(c.pageXOffset||b.scrollLeft)-(b.clientLeft||0)}):d},position:function(){if(this[0]){var a,b,c={top:0,left:0},d=this[0];return"fixed"===n.css(d,"position")?b=d.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),n.nodeName(a[0],"html")||(c=a.offset()),c.top+=n.css(a[0],"borderTopWidth",!0),c.left+=n.css(a[0],"borderLeftWidth",!0)),{top:b.top-c.top-n.css(d,"marginTop",!0),left:b.left-c.left-n.css(d,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent;while(a&&!n.nodeName(a,"html")&&"static"===n.css(a,"position"))a=a.offsetParent;return a||Qa})}}),n.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,b){var c=/Y/.test(b);n.fn[a]=function(d){return Y(this,function(a,d,e){var f=mc(a);return void 0===e?f?b in f?f[b]:f.document.documentElement[d]:a[d]:void(f?f.scrollTo(c?n(f).scrollLeft():e,c?e:n(f).scrollTop()):a[d]=e)},a,d,arguments.length,null)}}),n.each(["top","left"],function(a,b){n.cssHooks[b]=Ua(l.pixelPosition,function(a,c){return c?(c=Sa(a,b),Oa.test(c)?n(a).position()[b]+"px":c):void 0})}),n.each({Height:"height",Width:"width"},function(a,b){n.each({
padding:"inner"+a,content:b,"":"outer"+a},function(c,d){n.fn[d]=function(d,e){var f=arguments.length&&(c||"boolean"!=typeof d),g=c||(d===!0||e===!0?"margin":"border");return Y(this,function(b,c,d){var e;return n.isWindow(b)?b.document.documentElement["client"+a]:9===b.nodeType?(e=b.documentElement,Math.max(b.body["scroll"+a],e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.extend({bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var nc=a.jQuery,oc=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=oc),b&&a.jQuery===n&&(a.jQuery=nc),n},b||(a.jQuery=a.$=n),n});
(function(c){var b,d,a;b=(function(){function e(h,f,g){var j;this.row=h;this.tree=f;this.settings=g;this.id=this.row.data(this.settings.nodeIdAttr);j=this.row.data(this.settings.parentIdAttr);if(j!=null&&j!==""){this.parentId=j}this.treeCell=c(this.row.children(this.settings.columnElType)[this.settings.column]);this.expander=c(this.settings.expanderTemplate);this.indenter=c(this.settings.indenterTemplate);this.children=[];this.initialized=false;this.treeCell.prepend(this.indenter)}e.prototype.addChild=function(f){return this.children.push(f)};e.prototype.ancestors=function(){var f,g;g=this;f=[];while(g=g.parentNode()){f.push(g)}return f};e.prototype.collapse=function(){if(this.collapsed()){return this}this.row.removeClass("expanded").addClass("collapsed");this._hideChildren();this.expander.attr("title",this.settings.stringExpand);if(this.initialized&&this.settings.onNodeCollapse!=null){this.settings.onNodeCollapse.apply(this)}return this};e.prototype.collapsed=function(){return this.row.hasClass("collapsed")};e.prototype.expand=function(){if(this.expanded()){return this}this.row.removeClass("collapsed").addClass("expanded");if(this.initialized&&this.settings.onNodeExpand!=null){this.settings.onNodeExpand.apply(this)}if(c(this.row).is(":visible")){this._showChildren()}this.expander.attr("title",this.settings.stringCollapse);return this};e.prototype.expanded=function(){return this.row.hasClass("expanded")};e.prototype.hide=function(){this._hideChildren();this.row.hide();return this};e.prototype.isBranchNode=function(){if(this.children.length>0||this.row.data(this.settings.branchAttr)===true){return true}else{return false}};e.prototype.updateBranchLeafClass=function(){this.row.removeClass("branch");this.row.removeClass("leaf");this.row.addClass(this.isBranchNode()?"branch":"leaf")};e.prototype.level=function(){return this.ancestors().length};e.prototype.parentNode=function(){if(this.parentId!=null){return this.tree[this.parentId]}else{return null}};e.prototype.removeChild=function(g){var f=c.inArray(g,this.children);return this.children.splice(f,1)};e.prototype.render=function(){var g,f=this.settings,h;if(f.expandable===true&&this.isBranchNode()){g=function(j){c(this).parents("table").treetable("node",c(this).parents("tr").data(f.nodeIdAttr)).toggle();return j.preventDefault()};this.indenter.html(this.expander);h=f.clickableNodeNames===true?this.treeCell:this.expander;h.off("click.treetable").on("click.treetable",g);h.off("keydown.treetable").on("keydown.treetable",function(j){if(j.keyCode==13){g.apply(this,[j])}})}this.indenter[0].style.paddingLeft=""+(this.level()*f.indent)+"px";return this};e.prototype.reveal=function(){if(this.parentId!=null){this.parentNode().reveal()}return this.expand()};e.prototype.setParent=function(f){if(this.parentId!=null){this.tree[this.parentId].removeChild(this)}this.parentId=f.id;this.row.data(this.settings.parentIdAttr,f.id);return f.addChild(this)};e.prototype.show=function(){if(!this.initialized){this._initialize()}this.row.show();if(this.expanded()){this._showChildren()}return this};e.prototype.toggle=function(){if(this.expanded()){this.collapse()}else{this.expand()}return this};e.prototype._hideChildren=function(){var k,j,g,h,f;h=this.children;f=[];for(j=0,g=h.length;j<g;j++){k=h[j];f.push(k.hide())}return f};e.prototype._initialize=function(){var f=this.settings;this.render();if(f.expandable===true&&f.initialState==="collapsed"){this.collapse()}else{this.expand()}if(f.onNodeInitialized!=null){f.onNodeInitialized.apply(this)}return this.initialized=true};e.prototype._showChildren=function(){var k,j,g,h,f;h=this.children;f=[];for(j=0,g=h.length;j<g;j++){k=h[j];f.push(k.show())}return f};return e})();d=(function(){function e(g,f){this.table=g;this.settings=f;this.tree={};this.nodes=[];this.roots=[]}e.prototype.collapseAll=function(){var h,k,g,j,f;j=this.nodes;f=[];for(k=0,g=j.length;k<g;k++){h=j[k];f.push(h.collapse())}return f};e.prototype.expandAll=function(){var h,k,g,j,f;j=this.nodes;f=[];for(k=0,g=j.length;k<g;k++){h=j[k];f.push(h.expand())}return f};e.prototype.findLastNode=function(f){if(f.children.length>0){return this.findLastNode(f.children[f.children.length-1])}else{return f}};e.prototype.loadRows=function(h){var g,j,f;if(h!=null){for(f=0;f<h.length;f++){j=c(h[f]);if(j.data(this.settings.nodeIdAttr)!=null){g=new b(j,this.tree,this.settings);this.nodes.push(g);this.tree[g.id]=g;if(g.parentId!=null&&this.tree[g.parentId]){this.tree[g.parentId].addChild(g)}else{this.roots.push(g)}}}}for(f=0;f<this.nodes.length;f++){g=this.nodes[f].updateBranchLeafClass()}return this};e.prototype.move=function(h,f){var g=h.parentNode();if(h!==f&&f.id!==h.parentId&&c.inArray(h,f.ancestors())===-1){h.setParent(f);this._moveRows(h,f);if(h.parentNode().children.length===1){h.parentNode().render()}}if(g){g.updateBranchLeafClass()}if(h.parentNode()){h.parentNode().updateBranchLeafClass()}h.updateBranchLeafClass();return this};e.prototype.removeNode=function(f){this.unloadBranch(f);f.row.remove();if(f.parentId!=null){f.parentNode().removeChild(f)}delete this.tree[f.id];this.nodes.splice(c.inArray(f,this.nodes),1);return this};e.prototype.render=function(){var g,j,f,h;h=this.roots;for(j=0,f=h.length;j<f;j++){g=h[j];g.show()}return this};e.prototype.sortBranch=function(g,f){g.children.sort(f);this._sortChildRows(g);return this};e.prototype.unloadBranch=function(h){var g=h.children.slice(0),f;for(f=0;f<g.length;f++){this.removeNode(g[f])}h.children=[];h.updateBranchLeafClass();return this};e.prototype._moveRows=function(j,f){var h=j.children,g;j.row.insertAfter(f.row);j.render();for(g=h.length-1;g>=0;g--){this._moveRows(h[g],j)}};e.prototype._sortChildRows=function(f){return this._moveRows(f,f)};return e})();a={init:function(e,g){var f;f=c.extend({branchAttr:"ttBranch",clickableNodeNames:false,column:0,columnElType:"td",expandable:false,expanderTemplate:"<a href='#'>&nbsp;</a>",indent:19,indenterTemplate:"<span class='indenter'></span>",initialState:"collapsed",nodeIdAttr:"ttId",parentIdAttr:"ttParentId",stringExpand:"Expand",stringCollapse:"Collapse",onInitialized:null,onNodeCollapse:null,onNodeExpand:null,onNodeInitialized:null},e);return this.each(function(){var j=c(this),h;if(g||j.data("treetable")===undefined){h=new d(this,f);h.loadRows(this.rows).render();j.addClass("treetable").data("treetable",h);if(f.onInitialized!=null){f.onInitialized.apply(h)}}return j})},destroy:function(){return this.each(function(){return c(this).removeData("treetable").removeClass("treetable")})},collapseAll:function(){this.data("treetable").collapseAll();return this},collapseNode:function(f){var e=this.data("treetable").tree[f];if(e){e.collapse()}else{throw new Error("Unknown node '"+f+"'")}return this},expandAll:function(){this.data("treetable").expandAll();return this},expandNode:function(f){var e=this.data("treetable").tree[f];if(e){if(!e.initialized){e._initialize()}e.expand()}else{throw new Error("Unknown node '"+f+"'")}return this},loadBranch:function(h,j){var f=this.data("treetable").settings,e=this.data("treetable").tree;j=c(j);if(h==null){this.append(j)}else{var g=this.data("treetable").findLastNode(h);j.insertAfter(g.row)}this.data("treetable").loadRows(j);j.filter("tr").each(function(){e[c(this).data(f.nodeIdAttr)].show()});if(h!=null){h.render().expand()}return this},move:function(h,g){var e,f;f=this.data("treetable").tree[h];e=this.data("treetable").tree[g];this.data("treetable").move(f,e);return this},node:function(e){return this.data("treetable").tree[e]},removeNode:function(f){var e=this.data("treetable").tree[f];if(e){this.data("treetable").removeNode(e)}else{throw new Error("Unknown node '"+f+"'")}return this},reveal:function(f){var e=this.data("treetable").tree[f];if(e){e.reveal()}else{throw new Error("Unknown node '"+f+"'")}return this},sortBranch:function(j,g){var h=this.data("treetable").settings,f,e;g=g||h.column;e=g;if(c.isNumeric(g)){e=function(m,k){var o,n,l;o=function(p){var q=p.row.find("td:eq("+g+")").text();return c.trim(q).toUpperCase()};n=o(m);l=o(k);if(n<l){return -1}if(n>l){return 1}return 0}}this.data("treetable").sortBranch(j,e);return this},unloadBranch:function(e){this.data("treetable").unloadBranch(e);return this}};c.fn.treetable=function(e){if(a[e]){return a[e].apply(this,Array.prototype.slice.call(arguments,1))}else{if(typeof e==="object"||!e){return a.init.apply(this,arguments)}else{return c.error("Method "+e+" does not exist on jQuery.treetable")}}};this.TreeTable||(this.TreeTable={});this.TreeTable.Node=b;this.TreeTable.Tree=d})(jQuery);
/*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2011-2016 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 */
;
/*!
 * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf)
 * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf
 */
;if("undefined"==typeof jQuery){throw new Error("Bootstrap's JavaScript requires jQuery")}+function(a){var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3){throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}}(jQuery),+function(b){function c(g){return this.each(function(){var e=b(this),h=e.data("bs.alert");h||e.data("bs.alert",h=new f(this)),"string"==typeof g&&h[g].call(e)})}var a='[data-dismiss="alert"]',f=function(g){b(g).on("click",a,this.close)};f.VERSION="3.3.7",f.TRANSITION_DURATION=150,f.prototype.close=function(k){function h(){g.detach().trigger("closed.bs.alert").remove()}var l=b(this),j=l.attr("data-target");j||(j=l.attr("href"),j=j&&j.replace(/.*(?=#[^\s]*$)/,""));var g=b("#"===j?[]:j);k&&k.preventDefault(),g.length||(g=l.closest(".alert")),g.trigger(k=b.Event("close.bs.alert")),k.isDefaultPrevented()||(g.removeClass("in"),b.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",h).emulateTransitionEnd(f.TRANSITION_DURATION):h())};var d=b.fn.alert;b.fn.alert=c,b.fn.alert.Constructor=f,b.fn.alert.noConflict=function(){return b.fn.alert=d,this},b(document).on("click.bs.alert.data-api",a,f.prototype.close)}(jQuery),+function(d){function h(l){var a=l.attr("data-target");a||(a=l.attr("href"),a=a&&/#[A-Za-z]/.test(a)&&a.replace(/.*(?=#[^\s]*$)/,""));var m=a&&d(a);return m&&m.length?m:l.parent()}function c(a){a&&3===a.which||(d(j).remove(),d(f).each(function(){var m=d(this),l=h(m),e={relatedTarget:this};l.hasClass("open")&&(a&&"click"==a.type&&/input|textarea/i.test(a.target.tagName)&&d.contains(l[0],a.target)||(l.trigger(a=d.Event("hide.bs.dropdown",e)),a.isDefaultPrevented()||(m.attr("aria-expanded","false"),l.removeClass("open").trigger(d.Event("hidden.bs.dropdown",e)))))}))}function k(a){return this.each(function(){var e=d(this),l=e.data("bs.dropdown");l||e.data("bs.dropdown",l=new b(this)),"string"==typeof a&&l[a].call(e)})}var j=".dropdown-backdrop",f='[data-toggle="dropdown"]',b=function(a){d(a).on("click.bs.dropdown",this.toggle)};b.VERSION="3.3.7",b.prototype.toggle=function(q){var p=d(this);if(!p.is(".disabled, :disabled")){var l=h(p),e=l.hasClass("open");if(c(),!e){"ontouchstart" in document.documentElement&&!l.closest(".navbar-nav").length&&d(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(d(this)).on("click",c);var m={relatedTarget:this};if(l.trigger(q=d.Event("show.bs.dropdown",m)),q.isDefaultPrevented()){return}p.trigger("focus").attr("aria-expanded","true"),l.toggleClass("open").trigger(d.Event("shown.bs.dropdown",m))}return !1}},b.prototype.keydown=function(p){if(/(38|40|27|32)/.test(p.which)&&!/input|textarea/i.test(p.target.tagName)){var u=d(this);if(p.preventDefault(),p.stopPropagation(),!u.is(".disabled, :disabled")){var t=h(u),m=t.hasClass("open");if(!m&&27!=p.which||m&&27==p.which){return 27==p.which&&t.find(f).trigger("focus"),u.trigger("click")}var q=" li:not(.disabled):visible a",s=t.find(".dropdown-menu"+q);if(s.length){var e=s.index(p.target);38==p.which&&e>0&&e--,40==p.which&&e<s.length-1&&e++,~e||(e=0),s.eq(e).trigger("focus")}}}};var g=d.fn.dropdown;d.fn.dropdown=k,d.fn.dropdown.Constructor=b,d.fn.dropdown.noConflict=function(){return d.fn.dropdown=g,this},d(document).on("click.bs.dropdown.data-api",c).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",f,b.prototype.toggle).on("keydown.bs.dropdown.data-api",f,b.prototype.keydown).on("keydown.bs.dropdown.data-api",".dropdown-menu",b.prototype.keydown)}(jQuery),+function(b){function c(f,g){return this.each(function(){var j=b(this),h=j.data("bs.modal"),e=b.extend({},a.DEFAULTS,j.data(),"object"==typeof f&&f);h||j.data("bs.modal",h=new a(this,e)),"string"==typeof f?h[f](g):e.show&&h.show(g)})}var a=function(g,f){this.options=f,this.$body=b(document.body),this.$element=b(g),this.$dialog=this.$element.find(".modal-dialog"),this.$backdrop=null,this.isShown=null,this.originalBodyPad=null,this.scrollbarWidth=0,this.ignoreBackdropClick=!1,this.options.remote&&this.$element.find(".modal-content").load(this.options.remote,b.proxy(function(){this.$element.trigger("loaded.bs.modal")},this))};a.VERSION="3.3.7",a.TRANSITION_DURATION=300,a.BACKDROP_TRANSITION_DURATION=150,a.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},a.prototype.toggle=function(e){return this.isShown?this.hide():this.show(e)},a.prototype.show=function(f){var h=this,g=b.Event("show.bs.modal",{relatedTarget:f});this.$element.trigger(g),this.isShown||g.isDefaultPrevented()||(this.isShown=!0,this.checkScrollbar(),this.setScrollbar(),this.$body.addClass("modal-open"),this.escape(),this.resize(),this.$element.on("click.dismiss.bs.modal",'[data-dismiss="modal"]',b.proxy(this.hide,this)),this.$dialog.on("mousedown.dismiss.bs.modal",function(){h.$element.one("mouseup.dismiss.bs.modal",function(j){b(j.target).is(h.$element)&&(h.ignoreBackdropClick=!0)})}),this.backdrop(function(){var j=b.support.transition&&h.$element.hasClass("fade");h.$element.parent().length||h.$element.appendTo(h.$body),h.$element.show().scrollTop(0),h.adjustDialog(),j&&h.$element[0].offsetWidth,h.$element.addClass("in"),h.enforceFocus();var e=b.Event("shown.bs.modal",{relatedTarget:f});j?h.$dialog.one("bsTransitionEnd",function(){h.$element.trigger("focus").trigger(e)}).emulateTransitionEnd(a.TRANSITION_DURATION):h.$element.trigger("focus").trigger(e)}))},a.prototype.hide=function(f){f&&f.preventDefault(),f=b.Event("hide.bs.modal"),this.$element.trigger(f),this.isShown&&!f.isDefaultPrevented()&&(this.isShown=!1,this.escape(),this.resize(),b(document).off("focusin.bs.modal"),this.$element.removeClass("in").off("click.dismiss.bs.modal").off("mouseup.dismiss.bs.modal"),this.$dialog.off("mousedown.dismiss.bs.modal"),b.support.transition&&this.$element.hasClass("fade")?this.$element.one("bsTransitionEnd",b.proxy(this.hideModal,this)).emulateTransitionEnd(a.TRANSITION_DURATION):this.hideModal())},a.prototype.enforceFocus=function(){b(document).off("focusin.bs.modal").on("focusin.bs.modal",b.proxy(function(e){document===e.target||this.$element[0]===e.target||this.$element.has(e.target).length||this.$element.trigger("focus")},this))},a.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keydown.dismiss.bs.modal",b.proxy(function(e){27==e.which&&this.hide()},this)):this.isShown||this.$element.off("keydown.dismiss.bs.modal")},a.prototype.resize=function(){this.isShown?b(window).on("resize.bs.modal",b.proxy(this.handleUpdate,this)):b(window).off("resize.bs.modal")},a.prototype.hideModal=function(){var e=this;this.$element.hide(),this.backdrop(function(){e.$body.removeClass("modal-open"),e.resetAdjustments(),e.resetScrollbar(),e.$element.trigger("hidden.bs.modal")})},a.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},a.prototype.backdrop=function(h){var k=this,j=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var g=b.support.transition&&j;if(this.$backdrop=b(document.createElement("div")).addClass("modal-backdrop "+j).appendTo(this.$body),this.$element.on("click.dismiss.bs.modal",b.proxy(function(e){return this.ignoreBackdropClick?void (this.ignoreBackdropClick=!1):void (e.target===e.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus():this.hide()))},this)),g&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!h){return}g?this.$backdrop.one("bsTransitionEnd",h).emulateTransitionEnd(a.BACKDROP_TRANSITION_DURATION):h()}else{if(!this.isShown&&this.$backdrop){this.$backdrop.removeClass("in");var f=function(){k.removeBackdrop(),h&&h()};b.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one("bsTransitionEnd",f).emulateTransitionEnd(a.BACKDROP_TRANSITION_DURATION):f()}else{h&&h()}}},a.prototype.handleUpdate=function(){this.adjustDialog()},a.prototype.adjustDialog=function(){var e=this.$element[0].scrollHeight>document.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&e?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!e?this.scrollbarWidth:""})},a.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},a.prototype.checkScrollbar=function(){var f=window.innerWidth;if(!f){var g=document.documentElement.getBoundingClientRect();f=g.right-Math.abs(g.left)}this.bodyIsOverflowing=document.body.clientWidth<f,this.scrollbarWidth=this.measureScrollbar()},a.prototype.setScrollbar=function(){var e=parseInt(this.$body.css("padding-right")||0,10);this.originalBodyPad=document.body.style.paddingRight||"",this.bodyIsOverflowing&&this.$body.css("padding-right",e+this.scrollbarWidth)},a.prototype.resetScrollbar=function(){this.$body.css("padding-right",this.originalBodyPad)},a.prototype.measureScrollbar=function(){var f=document.createElement("div");f.className="modal-scrollbar-measure",this.$body.append(f);var g=f.offsetWidth-f.clientWidth;return this.$body[0].removeChild(f),g};var d=b.fn.modal;b.fn.modal=c,b.fn.modal.Constructor=a,b.fn.modal.noConflict=function(){return b.fn.modal=d,this},b(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(f){var j=b(this),h=j.attr("href"),g=b(j.attr("data-target")||h&&h.replace(/.*(?=#[^\s]+$)/,"")),e=g.data("bs.modal")?"toggle":b.extend({remote:!/#/.test(h)&&h},g.data(),j.data());j.is("a")&&f.preventDefault(),g.one("show.bs.modal",function(k){k.isDefaultPrevented()||g.one("hidden.bs.modal",function(){j.is(":visible")&&j.trigger("focus")})}),c.call(g,e,this)})}(jQuery),+function(b){function c(h){var g,j=h.attr("data-target")||(g=h.attr("href"))&&g.replace(/.*(?=#[^\s]+$)/,"");return b(j)}function a(g){return this.each(function(){var e=b(this),j=e.data("bs.collapse"),h=b.extend({},f.DEFAULTS,e.data(),"object"==typeof g&&g);!j&&h.toggle&&/show|hide/.test(g)&&(h.toggle=!1),j||e.data("bs.collapse",j=new f(this,h)),"string"==typeof g&&j[g]()})}var f=function(h,g){this.$element=b(h),this.options=b.extend({},f.DEFAULTS,g),this.$trigger=b('[data-toggle="collapse"][href="#'+h.id+'"],[data-toggle="collapse"][data-target="#'+h.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};f.VERSION="3.3.7",f.TRANSITION_DURATION=350,f.DEFAULTS={toggle:!0},f.prototype.dimension=function(){var e=this.$element.hasClass("width");return e?"width":"height"},f.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var k,m=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(m&&m.length&&(k=m.data("bs.collapse"),k&&k.transitioning))){var h=b.Event("show.bs.collapse");if(this.$element.trigger(h),!h.isDefaultPrevented()){m&&m.length&&(a.call(m,"hide"),k||m.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var j=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!b.support.transition){return j.call(this)}var l=b.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",b.proxy(j,this)).emulateTransitionEnd(f.TRANSITION_DURATION)[g](this.$element[0][l])}}}},f.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var h=b.Event("hide.bs.collapse");if(this.$element.trigger(h),!h.isDefaultPrevented()){var g=this.dimension();this.$element[g](this.$element[g]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var j=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return b.support.transition?void this.$element[g](0).one("bsTransitionEnd",b.proxy(j,this)).emulateTransitionEnd(f.TRANSITION_DURATION):j.call(this)}}},f.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},f.prototype.getParent=function(){return b(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(b.proxy(function(e,h){var g=b(h);this.addAriaAndCollapsedClass(c(g),g)},this)).end()},f.prototype.addAriaAndCollapsedClass=function(h,j){var g=h.hasClass("in");h.attr("aria-expanded",g),j.toggleClass("collapsed",!g).attr("aria-expanded",g)};var d=b.fn.collapse;b.fn.collapse=a,b.fn.collapse.Constructor=f,b.fn.collapse.noConflict=function(){return b.fn.collapse=d,this},b(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(k){var j=b(this);j.attr("data-target")||k.preventDefault();var g=c(j),e=g.data("bs.collapse"),h=e?"toggle":j.data();a.call(g,h)})}(jQuery),+function(a){function b(){var d=document.createElement("bootstrap"),f={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in f){if(void 0!==d.style[c]){return{end:f[c]}}}return !1}a.fn.emulateTransitionEnd=function(d){var c=!1,g=this;a(this).one("bsTransitionEnd",function(){c=!0});var f=function(){c||a(g).trigger(a.support.transition.end)};return setTimeout(f,d),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(c){return a(c.target).is(this)?c.handleObj.handler.apply(this,arguments):void 0}})})}(jQuery);function openRuleDetailsDialog(d){var a=$('<button type="button" class="close btn btn-sm btn-default" data-dismiss="modal" aria-hidden="false" title="Close">&#x274c;</button>');var b=$('<div id="detail-modal" class="modal fade" tabindex="-1" role="dialog" aria-hidden="false"><div id="detail-modal-body" class="modal-body"></div></div>');$("body").prepend(b);var c=$("#rule-detail-"+d).clone();c.attr("id","");c.children(".panel-heading").append(a);a.css({"float":"right"});a.css({"margin-top":"-=23px"});$("#detail-modal-body").append(c);$("#detail-modal").on("hidden.bs.modal",function(f){$("#detail-modal").remove()});$("#detail-modal").modal();return false}function toggleRuleDisplay(b){var a=b.value;if(b.checked){$(".rule-overview-leaf-"+a).removeClass("rule-result-filtered");$(".rule-detail-"+a).removeClass("rule-result-filtered")}else{$(".rule-overview-leaf-"+a).addClass("rule-result-filtered");$(".rule-detail-"+a).addClass("rule-result-filtered")}stripeTreeTable()}function toggleResultDetails(b){var a=$("#result-details");if(a.is(":visible")){a.hide();$(b).html("Show all result details")}else{a.show();$(b).html("Hide all result details")}return false}function ruleSearchMatches(e,c){if(c.length==0){return true}var b=true;var d=e.children(".keywords").text().toLowerCase();var a;for(a=0;a<c.length;++a){if(d.indexOf(c[a].toLowerCase())<0){b=false;break}}return b}function ruleSearch(){var c=$("#search-input").val();var a=c.split(/[\s,\.;]+/);var b=0;$(".rule-detail").each(function(){var d=$(this).attr("id").substring(12);var e=$("#rule-overview-leaf-"+d);var f=$(this);if(ruleSearchMatches(f,a)){e.removeClass("search-no-match");f.removeClass("search-no-match");++b}else{e.addClass("search-no-match");f.addClass("search-no-match")}});if(!c){$("#search-matches").html("")}else{if(b>0){$("#search-matches").html(b.toString()+" rules match.")}else{$("#search-matches").html("No rules match your search criteria!")}}}var is_original=true;var original_treetable=null;$(document).ready(function(){$("#result-details").hide();$(".js-only").show();$(".form-group select").val("default");$(".toggle-rule-display").each(function(){toggleRuleDisplay(this)});original_treetable=$(".treetable").clone();$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});is_original=true;stripeTreeTable()});function resetTreetable(){if(!is_original){$(".treetable").remove();$("#rule-overview").append(original_treetable.clone());$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});$(".toggle-rule-display").each(function(){toggleRuleDisplay(this)});is_original=true}}function newGroupLine(a,c){var b=24;if(a.length>b){a=a.substring(0,b-1)+"â¦"}return'<tr class="rule-overview-inner-node" data-tt-id="'+c+'"><td colspan="3"><small>'+a+"</small> = <strong>"+c+"</strong></td></tr>"}var KeysEnum={DEFAULT:"default",SEVERITY:"severity",RESULT:"result",NIST:"NIST SP 800-53 ID",DISA_CCI:"DISA CCI",DISA_SRG:"DISA SRG",DISA_STIG_ID:"DISA STIG ID",PCI_DSS:"PCI DSS Requirement",CIS:"CIS Recommendation"};function getTargetGroupsList(f,d){switch(d){case KeysEnum.SEVERITY:var b=f.children(".rule-severity").text();return[b];case KeysEnum.RESULT:var a=f.children(".rule-result").text();return[a];default:try{var c=JSON.parse(f.attr("data-references"))}catch(e){return["unknown"]}if(!c.hasOwnProperty(d)){return["unknown"]}return c[d]}}function sortGroups(a,b){switch(b){case KeysEnum.SEVERITY:return["high","medium","low"];case KeysEnum.RESULT:return a.sort();default:return a.sort(function(e,d){var f=e.split(/[.()-]/);var g=d.split(/[.()-]/);var c=0;var j=Math.min(f.length,g.length);var h=/^[1-9][0-9]*$/;for(i=0;i<j&&c==0;i++){if(f[i].match(h)==null||f[i].match(h)==null){c=f[i].localeCompare(g[i])}else{c=parseInt(f[i])-parseInt(g[i])}}if(c==0){c=f.length-g.length}return c})}}function groupRulesBy(c){resetTreetable();if(c==KeysEnum.DEFAULT){return}var b={};$(".rule-overview-leaf").each(function(){$(this).children("td:first").css("padding-left","0px");var j=$(this).attr("data-tt-id");var g=getTargetGroupsList($(this),c);for(i=0;i<g.length;i++){var e=g[i];if(!b.hasOwnProperty(e)){b[e]=[newGroupLine(c,e)]}var h=$(this).clone();h.attr("data-tt-id",j+"copy"+i);h.attr("data-tt-parent-id",e);var f=h.wrap("<div>").parent().html();b[e].push(f)}});$(".treetable").remove();var a=sortGroups(Object.keys(b),c);var d="";for(i=0;i<a.length;i++){d+=b[a[i]].join("\n")}new_table='<table class="treetable table table-bordered"><thead><tr><th>Group</th> <th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody>'+d+"</tbody></table>";$("#rule-overview").append(new_table);is_original=false;$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});stripeTreeTable()}function stripeTreeTable(){var a=$(".rule-overview-leaf:not(.rule-result-filtered)");var b=false;$(a).each(function(){$(this).css("background-color",b?"#F9F9F9":"inherit");b=!b})};</script></head><body><nav class="navbar navbar-default"><div class="navbar-header" style="float: none"><a class="navbar-brand" href="#"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="52" height="52" id="svg2"><g transform="matrix(0.75266991,0,0,0.75266991,-17.752968,-104.57468)" id="g32"><path d="m 24.7,173.5 c 0,-9 3.5,-17.5 9.9,-23.9 6.8,-6.8 15.7,-10.4 25,-10 8.6,0.3 16.9,3.9 22.9,9.8 6.4,6.4 9.9,14.9 10,23.8 0.1,9.1 -3.5,17.8 -10,24.3 -13.2,13.2 -34.7,13.1 -48,-0.1 -1.5,-1.5 -1.9,-4.2 0.2,-6.2 l 9,-9 c -2,-3.6 -4.9,-13.1 2.6,-20.7 7.6,-7.6 18.6,-6 24.4,-0.2 3.3,3.3 5.1,7.6 5.1,12.1 0.1,4.6 -1.8,9.1 -5.3,12.5 -4.2,4.2 -10.2,5.8 -16.1,4.4 -1.5,-0.4 -2.4,-1.9 -2.1,-3.4 0.4,-1.5 1.9,-2.4 3.4,-2.1 4.1,1 8,-0.1 10.9,-2.9 2.3,-2.3 3.6,-5.3 3.6,-8.4 0,0 0,-0.1 0,-0.1 0,-3 -1.3,-5.9 -3.5,-8.2 -3.9,-3.9 -11.3,-4.9 -16.5,0.2 -6.3,6.3 -1.6,14.1 -1.6,14.2 1.5,2.4 0.7,5 -0.9,6.3 l -8.4,8.4 c 9.9,8.9 27.2,11.2 39.1,-0.8 5.4,-5.4 8.4,-12.5 8.4,-20 0,-0.1 0,-0.2 0,-0.3 -0.1,-7.5 -3,-14.6 -8.4,-19.9 -5,-5 -11.9,-8 -19.1,-8.2 -7.8,-0.3 -15.2,2.7 -20.9,8.4 -8.7,8.7 -8.7,19 -7.9,24.3 0.3,2.4 1.1,4.9 2.2,7.3 0.6,1.4 0,3.1 -1.4,3.7 -1.4,0.6 -3.1,0 -3.7,-1.4 -1.3,-2.9 -2.2,-5.8 -2.6,-8.7 -0.3,-1.7 -0.4,-3.5 -0.4,-5.2 z" id="path34" style="fill:#12497f"></path></g></svg></a><div><h1>OpenSCAP Evaluation Report</h1></div></div></nav><div class="container"><div id="content"><div id="introduction"><div class="row"><h2>Guide to the Secure Configuration of SUSE Linux Enterprise 15</h2><blockquote>with profile <mark>Public Cloud Hardening for SUSE Linux Enterprise 15</mark><div class="col-md-12 well well-lg horizontal-scroll"><div class="description profile-description"><small>This profile contains configuration checks to be used to harden
SUSE Linux Enterprise 15 for use with public cloud providers.</small></div></div></blockquote><div class="col-md-12 well well-lg horizontal-scroll"><div class="front-matter">The SCAP Security Guide Project<br>

    <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>
</div><div class="description">This guide presents a catalog of security-relevant
configuration settings for SUSE Linux Enterprise 15. It is a rendering of
content structured in the eXtensible Configuration Checklist Description Format (XCCDF)
in order to support security automation.  The SCAP content is
is available in the <code>scap-security-guide</code> package which is developed at

    <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>.
<br><br>
Providing system administrators with such guidance informs them how to securely
configure systems under their control in a variety of network roles. Policy
makers and baseline creators can use this catalog of settings, with its
associated references to higher-level security control catalogs, in order to
assist them in security baseline creation. This guide is a <em>catalog, not a
checklist</em>, and satisfaction of every item is not likely to be possible or
sensible in many operational scenarios. However, the XCCDF format enables
granular selection and adjustment of settings, and their association with OVAL
and OCIL content provides an automated checking capability. Transformations of
this document, and its associated automated checking content, are capable of
providing baselines that meet a diverse set of policy objectives. Some example
XCCDF <em>Profiles</em>, which are selections of items that form checklists and
can be used as baselines, are available with this guide. They can be
processed, in an automated fashion, with tools that support the Security
Content Automation Protocol (SCAP). The DISA STIG, which provides required
settings for US Department of Defense systems, is one example of a baseline
created from this guidance.
</div><div class="top-spacer-10"><div class="alert alert-info">Do not attempt to implement any of the settings in
this guide without first testing them in a non-operational environment. The
creators of this guidance assume no responsibility whatsoever for its use by
other parties, and makes no guarantees, expressed or implied, about its
quality, reliability, or any other characteristic.
</div></div></div></div></div><div id="characteristics"><h2>Evaluation Characteristics</h2><div class="row"><div class="col-md-5 well well-lg horizontal-scroll"><table class="table table-bordered"><tr><th>Evaluation target</th><td>openqa-suse-de-3b72c31b4a85652c.hx3rjvb3hsvuzngwbiedo0hhec.dx.internal.cloudapp.net</td></tr><tr><th>Benchmark URL</th><td>#scap_org.open-scap_comp_ssg-sle15-xccdf.xml</td></tr><tr><th>Benchmark ID</th><td>xccdf_org.ssgproject.content_benchmark_SLE-15</td></tr><tr><th>Benchmark version</th><td>0.1.69</td></tr><tr><th>Profile ID</th><td>xccdf_org.ssgproject.content_profile_pcs-hardening</td></tr><tr><th>Started at</th><td>2023-10-10T09:45:06+00:00</td></tr><tr><th>Finished at</th><td>2023-10-10T09:45:07+00:00</td></tr><tr><th>Performed by</th><td>root</td></tr><tr><th>Test system</th><td>cpe:/a:redhat:openscap:1.3.6</td></tr></table></div><div class="col-md-3 horizontal-scroll"><h4>CPE Platforms</h4><ul class="list-group"><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:suse:linux_enterprise_desktop:15 was found applicable on the evaluated machine">cpe:/o:suse:linux_enterprise_desktop:15</span></li><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:suse:linux_enterprise_server:15 was found applicable on the evaluated machine">cpe:/o:suse:linux_enterprise_server:15</span></li></ul></div><div class="col-md-4 horizontal-scroll"><h4>Addresses</h4><ul class="list-group"><li class="list-group-item"><span class="label label-primary">IPv4</span>
                            Â 127.0.0.1</li><li class="list-group-item"><span class="label label-primary">IPv4</span>
                            Â 10.0.1.4</li><li class="list-group-item"><span class="label label-info">IPv6</span>
                            Â 0:0:0:0:0:0:0:1</li><li class="list-group-item"><span class="label label-info">IPv6</span>
                            Â fe80:0:0:0:6245:bdff:fe0a:183d</li><li class="list-group-item"><span class="label label-default">MAC</span>
                            Â 00:00:00:00:00:00</li><li class="list-group-item"><span class="label label-default">MAC</span>
                            Â 60:45:BD:0A:18:3D</li></ul></div></div></div><div id="compliance-and-scoring"><h2>Compliance and Scoring</h2><div class="alert alert-danger"><strong>The target system did not satisfy the conditions of 4 rules!</strong>
                    Please review rule results and consider applying remediation.
                </div><h3>Rule results</h3><div class="progress" title="Displays proportion of passed/fixed, failed/error, and other rules (in that order). There were $not_ignored_rules_count rules taken into account."><div class="progress-bar progress-bar-success" style="width: 97.5155279503106%">157 passed
                    </div><div class="progress-bar progress-bar-danger" style="width: 2.484472049689441%">4 failed
                    </div><div class="progress-bar progress-bar-warning" style="width: 0%">0 other
                    </div></div><h3>Severity of failed rules</h3><div class="progress" title="Displays proportion of high, medium, low, and other severity failed rules (in that order). There were 4 total failed rules."><div class="progress-bar progress-bar-success" style="width: 0%">0 other
                </div><div class="progress-bar progress-bar-info" style="width: 0%">0 low
                </div><div class="progress-bar progress-bar-warning" style="width: 100%">4 medium
                </div><div class="progress-bar progress-bar-danger" style="width: 0%">0 high
                </div></div><h3 title="As per the XCCDF specification">Score</h3><table class="table table-striped table-bordered"><thead><tr><th>Scoring system</th><th class="text-center">Score</th><th class="text-center">Maximum</th><th class="text-center" style="width: 40%">Percent</th></tr></thead><tbody><tr><td>urn:xccdf:scoring:default</td><td class="text-center">98.680557</td><td class="text-center">100.000000</td><td><div class="progress"><div class="progress-bar progress-bar-success" style="width: 98.680557%">98.68%</div><div class="progress-bar progress-bar-danger" style="width: 1.319443000000007%"></div></div></td></tr></tbody></table></div><div id="rule-overview"><h2>Rule Overview</h2><div class="form-group js-only hidden-print"><div class="row"><div title="Filter rules by their XCCDF result"><div class="col-sm-2 toggle-rule-display-success"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="pass">pass</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fixed">fixed</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="informational">informational</label></div></div><div class="col-sm-2 toggle-rule-display-danger"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fail">fail</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="error">error</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="unknown">unknown</label></div></div><div class="col-sm-2 toggle-rule-display-other"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notchecked">notchecked</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notapplicable">notapplicable</label></div></div></div><div class="col-sm-6"><div class="input-group"><input type="text" class="form-control" placeholder="Search through XCCDF rules" id="search-input" oninput="ruleSearch()"><div class="input-group-btn"><button class="btn btn-default" onclick="ruleSearch()">Search</button></div></div><p id="search-matches"></p>
                    Group rules by:
                    <select name="groupby" onchange="groupRulesBy(value)"><option value="default" selected>Default</option><option value="severity">Severity</option><option value="result">Result</option><option disabled>ââââââââââ</option><option value="NIST SP 800-171">NIST SP 800-171</option><option value="NIST SP 800-53">NIST SP 800-53</option><option value="ANSSI">ANSSI</option><option value="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf</option><option value="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf</option><option value="https://public.cyber.mil/stigs/cci/">https://public.cyber.mil/stigs/cci/</option><option value="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers</option><option value="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os</option><option value="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux</option><option value="https://public.cyber.mil/stigs/srg-stig-tools/">https://public.cyber.mil/stigs/srg-stig-tools/</option><option value="https://www.cisecurity.org/benchmark/suse_linux/">https://www.cisecurity.org/benchmark/suse_linux/</option><option value="https://www.cisecurity.org/controls/">https://www.cisecurity.org/controls/</option><option value="https://www.cyber.gov.au/acsc/view-all-content/ism">https://www.cyber.gov.au/acsc/view-all-content/ism</option><option value="FBI CJIS">FBI CJIS</option><option value="HIPAA">HIPAA</option><option value="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu</option><option value="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat</option><option value="https://www.isaca.org/resources/cobit">https://www.isaca.org/resources/cobit</option><option value="ISO 27001-2013">ISO 27001-2013</option><option value="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx</option><option value="https://www.niap-ccevs.org/Profile/PP.cfm">https://www.niap-ccevs.org/Profile/PP.cfm</option><option value="PCI-DSS Requirement">PCI-DSS Requirement</option></select></div></div></div><table class="treetable table table-bordered"><thead><tr><th>Title</th><th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody><tr data-tt-id="xccdf_org.ssgproject.content_benchmark_SLE-15" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_benchmark_SLE-15"><td colspan="3" style="padding-left: 0px"><strong>Guide to the Secure Configuration of SUSE Linux Enterprise 15</strong>Â <span class="badge">4x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_system" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_system" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_SLE-15"><td colspan="3" style="padding-left: 19px"><strong>System Settings</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Installing and Maintaining Software<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_software");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">System and Software Integrity<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software-integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software-integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Software Integrity Checking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_software-integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_aide" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_aide" data-tt-parent-id="xccdf_org.ssgproject.content_group_software-integrity"><td colspan="3" style="padding-left: 95px">Verify Integrity with AIDE<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_aide");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_check_audit_tools" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_check_audit_tools" id="rule-overview-leaf-id34292" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["AU-9(3)","AU-9(3).1"],"https://public.cyber.mil/stigs/cci/":["CCI-001496"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000278-GPOS-00108"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030630"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234962r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34292" onclick="return openRuleDetailsDialog('id34292')">Configure AIDE to Verify the Audit Tools</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" id="rule-overview-leaf-id34293" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["SI-6(d)"],"ANSSI":["BP28(R51)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["11.5.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-7","PR.DS-1","PR.DS-6","PR.DS-8","PR.IP-1","PR.IP-3"],"https://public.cyber.mil/stigs/cci/":["CCI-001744","CCI-002699","CCI-002702"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000363-GPOS-00150","SRG-OS-000446-GPOS-00200","SRG-OS-000447-GPOS-00201"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010420"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234851r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.4.2"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","2","3","5","7","8","9"],"FBI CJIS":["5.10.1.3"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8","SR 4.1","SR 6.2","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3","4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI01.06","BAI02.01","BAI03.05","BAI06.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.03","DSS03.05","DSS04.07","DSS05.02","DSS05.03","DSS05.05","DSS05.07","DSS06.02","DSS06.06"],"ISO 27001-2013":["A.11.2.4","A.12.1.2","A.12.2.1","A.12.4.1","A.12.5.1","A.12.6.2","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.14.2.7","A.15.2.1","A.8.2.3"],"PCI-DSS Requirement":["Req-11.5"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34293" onclick="return openRuleDetailsDialog('id34293')">Configure Periodic Execution of AIDE</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_verify_acls" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_verify_acls" id="rule-overview-leaf-id34294" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["SI-7","SI-7(1)","CM-6(a)"],"ANSSI":["BP28(R51)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.DS-6","PR.DS-8"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234986r622137_rule"],"https://www.cisecurity.org/controls/":["2","3"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI03.05","BAI06.01","DSS06.02"],"ISO 27001-2013":["A.11.2.4","A.12.2.1","A.12.5.1","A.14.1.2","A.14.1.3","A.14.2.4"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34294" onclick="return openRuleDetailsDialog('id34294')">Configure AIDE to Verify Access Control Lists (ACLs)</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" id="rule-overview-leaf-id34295" data-tt-parent-id="xccdf_org.ssgproject.content_group_aide" data-references='{"NIST SP 800-53":["SI-7","SI-7(1)","CM-6(a)"],"ANSSI":["BP28(R51)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.DS-6","PR.DS-8"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040050"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234987r622137_rule"],"https://www.cisecurity.org/controls/":["2","3"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI03.05","BAI06.01","DSS06.02"],"ISO 27001-2013":["A.11.2.4","A.12.2.1","A.12.5.1","A.14.1.2","A.14.1.3","A.14.2.4"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34295" onclick="return openRuleDetailsDialog('id34295')">Configure AIDE to Verify Extended Attributes</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_sudo" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_sudo" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">Sudo<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_sudo");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sudo_add_use_pty" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sudo_add_use_pty" id="rule-overview-leaf-id34296" data-tt-parent-id="xccdf_org.ssgproject.content_group_sudo" data-references='{"ANSSI":["BP28(R58)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.3.2"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34296" onclick="return openRuleDetailsDialog('id34296')">Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sudo_custom_logfile" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sudo_custom_logfile" id="rule-overview-leaf-id34297" data-tt-parent-id="xccdf_org.ssgproject.content_group_sudo" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.3.3"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34297" onclick="return openRuleDetailsDialog('id34297')">Ensure Sudo Logfile Exists - sudo logfile</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_updating" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_updating" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">Updating Software<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_updating");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-overview-leaf-id34298" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","SC-12","SC-12(3)","CM-6(a)","SA-12","SA-12(10)","CM-11(a)","CM-11(b)"],"ANSSI":["BP28(R15)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["6.3.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.DS-6","PR.DS-8","PR.IP-1"],"https://public.cyber.mil/stigs/cci/":["CCI-001749"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000366-GPOS-00153"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010430"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234852r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.2.3"],"https://www.cisecurity.org/controls/":["11","2","3","9"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 3.1","SR 3.3","SR 3.4","SR 3.8","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3","4.3.4.4.4"],"https://www.isaca.org/resources/cobit":["APO01.06","BAI03.05","BAI06.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS06.02"],"ISO 27001-2013":["A.11.2.4","A.12.1.2","A.12.2.1","A.12.5.1","A.12.6.2","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FPT_TUD_EXT.1","FPT_TUD_EXT.2"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34298" onclick="return openRuleDetailsDialog('id34298')">Ensure gpgcheck Enabled In Main zypper Configuration</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Account and Access Control</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-banners" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-banners" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Warning Banners for System Accesses<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-banners");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_banner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-overview-leaf-id34299" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(c)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000048","CCI-000050","CCI-001384","CCI-001385","CCI-001386","CCI-001387","CCI-001388"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000023-GPOS-00006","SRG-OS-000228-GPOS-00088"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010020"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234803r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.2"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34299" onclick="return openRuleDetailsDialog('id34299')">Modify the System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_banner_etc_motd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_banner_etc_motd" id="rule-overview-leaf-id34300" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34300" onclick="return openRuleDetailsDialog('id34300')">Modify the System Message of the Day Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue" id="rule-overview-leaf-id34301" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34301" onclick="return openRuleDetailsDialog('id34301')">Verify Group Ownership of System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_owner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_owner_etc_issue" id="rule-overview-leaf-id34302" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["1.8.1.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34302" onclick="return openRuleDetailsDialog('id34302')">Verify ownership of System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-pam" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-pam" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Accounts by Configuring PAM<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-pam");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Lockouts for Failed Password Attempts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_locking_out_password_attempts");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember" id="rule-overview-leaf-id34303" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000200"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000077-GPOS-00045"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34303" onclick="return openRuleDetailsDialog('id34303')">Limit Password Reuse</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay" id="rule-overview-leaf-id34304" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00226"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040000"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234982r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34304" onclick="return openRuleDetailsDialog('id34304')">Enforce Delay After Failed Logon Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2" id="rule-overview-leaf-id34305" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.4"],"https://public.cyber.mil/stigs/cci/":["CCI-000044"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000021-GPOS-00005"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020010"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234867r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.2"],"PCI-DSS Requirement":["Req-8.1.6"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34305" onclick="return openRuleDetailsDialog('id34305')">Set Deny For Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Password Quality Requirements<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality"><td colspan="3" style="padding-left: 95px">Set Password Quality Requirements, if using
pam_cracklib<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality_pamcracklib");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit" id="rule-overview-leaf-id34306" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000194"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000071-GPOS-00039"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234884r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34306" onclick="return openRuleDetailsDialog('id34306')">Set Password Strength Minimum Digit Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok" id="rule-overview-leaf-id34307" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(1).1(v)","IA-5(1)(b)"],"https://public.cyber.mil/stigs/cci/":["CCI-000195"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000072-GPOS-00040"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020160"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234885r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34307" onclick="return openRuleDetailsDialog('id34307')">Set Password Strength Minimum Different Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit" id="rule-overview-leaf-id34308" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(1)(a)","IA-5(1).1(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000193"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000070-GPOS-00038"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020140"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234883r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34308" onclick="return openRuleDetailsDialog('id34308')">Set Password Strength Minimum Lowercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen" id="rule-overview-leaf-id34309" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000078-GPOS-00046"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020260"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234895r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34309" onclick="return openRuleDetailsDialog('id34309')">Set Password Minimum Length</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit" id="rule-overview-leaf-id34310" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(a)","IA-5(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-001619"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000266-GPOS-00101"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020270"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234896r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34310" onclick="return openRuleDetailsDialog('id34310')">Set Password Strength Minimum Special Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry" id="rule-overview-leaf-id34311" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.4"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00225"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234897r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.1.6","Req-8.1.7"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34311" onclick="return openRuleDetailsDialog('id34311')">Set Password Retry Limit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit" id="rule-overview-leaf-id34312" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pamcracklib" data-references='{"NIST SP 800-53":["IA-5(1)(a)","IA-5(1).1(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000192"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000069-GPOS-00037"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020130"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234882r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.3.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34312" onclick="return openRuleDetailsDialog('id34312')">Set Password Strength Minimum Uppercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Password Hashing Algorithm<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_set_password_hashing_algorithm");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth" id="rule-overview-leaf-id34313" data-tt-parent-id="xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" data-references='{"NIST SP 800-53":["IA-7","IA-7.1"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.2"],"https://public.cyber.mil/stigs/cci/":["CCI-000803"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000120-GPOS-00061"],"PCI-DSS Requirement":["Req-8.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34313" onclick="return openRuleDetailsDialog('id34313')">Set PAM's Common Authentication Hashing Algorithm</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth" id="rule-overview-leaf-id34314" data-tt-parent-id="xccdf_org.ssgproject.content_group_set_password_hashing_algorithm" data-references='{"NIST SP 800-171":["3.13.11"],"NIST SP 800-53":["IA-5(c)","IA-5(1)(c)","CM-6(a)"],"ANSSI":["BP28(R32)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000196","CCI-000803"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000073-GPOS-00041","SRG-OS-000120-GPOS-00061"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020170"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234886r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0418","1055","1402"],"FBI CJIS":["5.6.2.2"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"],"PCI-DSS Requirement":["Req-8.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34314" onclick="return openRuleDetailsDialog('id34314')">Set PAM''s Password Hashing Algorithm</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_display_login_attempts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_display_login_attempts" id="rule-overview-leaf-id34315" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam" data-references='{"NIST SP 800-53":["AC-9","AC-9(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000052"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020080"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234873r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0582","0584","05885","0586","0846","0957"],"FBI CJIS":["5.5.2"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"PCI-DSS Requirement":["Req-10.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34315" onclick="return openRuleDetailsDialog('id34315')">Ensure PAM Displays Last Logon/Access Notification</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-physical" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-physical" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Physical Console Access<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-physical");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical"><td colspan="3" style="padding-left: 76px">Configure Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="xccdf_org.ssgproject.content_group_screen_locking"><td colspan="3" style="padding-left: 95px">Hardware Tokens for Authentication<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_smart_card_login");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_configure_ca" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_configure_ca" id="rule-overview-leaf-id34316" data-tt-parent-id="xccdf_org.ssgproject.content_group_smart_card_login" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000185","CCI-001991"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000066-GPOS-00034","SRG-OS-000384-GPOS-00167"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010170"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234817r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34316" onclick="return openRuleDetailsDialog('id34316')">Configure Smart Card Certificate Authority Validation</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking" id="rule-overview-leaf-id34317" data-tt-parent-id="xccdf_org.ssgproject.content_group_smart_card_login" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-001948","CCI-001953","CCI-001954"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000375-GPOS-00160","SRG-OS-000376-GPOS-00161","SRG-OS-000377-GPOS-00162","SRG-OS-000384-GPOS-00167"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010470"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234855r622137_rule"]}'><td style="padding-left: 114px"><a href="#rule-detail-id34317" onclick="return openRuleDetailsDialog('id34317')">Configure Smart Card Certificate Status Checking</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="rule-overview-leaf-id34318" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"NIST SP 800-171":["3.4.5"],"NIST SP 800-53":["CM-6(b)","CM-6.1(iv)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000324-GPOS-00125","SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040062"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234990r622137_rule"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34318" onclick="return openRuleDetailsDialog('id34318')">Disable Ctrl-Alt-Del Burst Action</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px"><strong>Protect Accounts by Restricting Password-Based Login</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_account_expiration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_account_expiration" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Set Account Expiration Parameters<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_account_expiration");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" id="rule-overview-leaf-id34319" data-tt-parent-id="xccdf_org.ssgproject.content_group_account_expiration" data-references='{"NIST SP 800-171":["3.5.6"],"NIST SP 800-53":["IA-4(e)","AC-2(3)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000017","CCI-000795"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000118-GPOS-00060"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020050"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234871r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.5"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","18","3","5","7","8"],"FBI CJIS":["5.6.2.1.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS01.03","DSS03.05","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.12.4.1","A.12.4.3","A.18.1.4","A.6.1.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"PCI-DSS Requirement":["Req-8.1.4"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34319" onclick="return openRuleDetailsDialog('id34319')">Set Account Expiration Following Inactivity</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_expiration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_expiration" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px"><strong>Set Password Expiration Parameters</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" id="rule-overview-leaf-id34320" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-171":["3.5.6"],"NIST SP 800-53":["IA-5(f)","IA-5(1)(d)","CM-6(a)"],"ANSSI":["BP28(R18)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.10.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000199"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000076-GPOS-00044"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020220"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234891r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.2"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0418","1055","1402"],"FBI CJIS":["5.6.2.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"],"PCI-DSS Requirement":["Req-8.2.4"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34320" onclick="return openRuleDetailsDialog('id34320')">Set Password Maximum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" id="rule-overview-leaf-id34321" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-171":["3.5.8"],"NIST SP 800-53":["IA-5(1)(d)","IA-5(1).1(v)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.3.9"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000198"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000075-GPOS-00043"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020200"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234889r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.3"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0418","1055","1402"],"FBI CJIS":["5.6.2.1.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34321" onclick="return openRuleDetailsDialog('id34321')">Set Password Minimum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34322" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-53":["IA-5(f)","IA-5(1)(d)","CM-6(a)"],"https://public.cyber.mil/stigs/cci/":["CCI-000199"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000076-GPOS-00044"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020230"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234892r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34322" onclick="return openRuleDetailsDialog('id34322')">Set Existing Passwords Maximum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34323" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-53":["IA-5(1).1(v)"],"https://public.cyber.mil/stigs/cci/":["CCI-000198"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000075-GPOS-00043"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020210"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234890r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.1.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34323" onclick="return openRuleDetailsDialog('id34323')">Set Existing Passwords Minimum Age</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Restrict Root Logins<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_root_logins");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_direct_root_logins" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_direct_root_logins" id="rule-overview-leaf-id34324" data-tt-parent-id="xccdf_org.ssgproject.content_group_root_logins" data-references='{"NIST SP 800-171":["3.1.1","3.1.6"],"NIST SP 800-53":["IA-2","CM-6(a)"],"ANSSI":["BP28(R19)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-6","PR.AC-7"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.5"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.2.3","CIP-004-6 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.2","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34324" onclick="return openRuleDetailsDialog('id34324')">Direct root Logins Not Allowed</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Secure Session Configuration Files for Login Accounts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-session");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_user_umask" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_user_umask" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session"><td colspan="3" style="padding-left: 76px">Ensure that Users Have Sensible Umask Values<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_user_umask");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs" id="rule-overview-leaf-id34325" data-tt-parent-id="xccdf_org.ssgproject.content_group_user_umask" data-references='{"NIST SP 800-53":["AC-6(1)","CM-6(a)"],"ANSSI":["BP28(R35)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00228"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040420"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-235030r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.5"],"https://www.cisecurity.org/controls/":["11","18","3","9"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03","BAI10.01","BAI10.02","BAI10.03","BAI10.05"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.1.1","A.14.2.1","A.14.2.2","A.14.2.3","A.14.2.4","A.14.2.5","A.6.1.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34325" onclick="return openRuleDetailsDialog('id34325')">Ensure the Default Umask is Set Correctly in login.defs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile" id="rule-overview-leaf-id34326" data-tt-parent-id="xccdf_org.ssgproject.content_group_user_umask" data-references='{"NIST SP 800-53":["AC-6(1)","CM-6(a)"],"ANSSI":["BP28(R35)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00228","SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.5"],"https://www.cisecurity.org/controls/":["18"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03"],"ISO 27001-2013":["A.14.1.1","A.14.2.1","A.14.2.5","A.6.1.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34326" onclick="return openRuleDetailsDialog('id34326')">Ensure the Default Umask is Set Correctly in /etc/profile</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs" id="rule-overview-leaf-id34327" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020110"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234880r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34327" onclick="return openRuleDetailsDialog('id34327')">Ensure Home Directories are Created for New Users</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_tmout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-overview-leaf-id34328" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["AC-12","SC-10","AC-2(5)","CM-6(a)"],"ANSSI":["BP28(R29)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.6.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000057","CCI-001133","CCI-002361"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000163-GPOS-00072","SRG-OS-000029-GPOS-00010"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010130"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234813r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.4.4"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.3","CIP-007-3 R5.1","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34328" onclick="return openRuleDetailsDialog('id34328')">Set Interactive Session Timeout</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_home_directories" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_home_directories" id="rule-overview-leaf-id34329" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040090"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234993r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["6.2.6"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34329" onclick="return openRuleDetailsDialog('id34329')">All Interactive User Home Directories Must Have mode 0750 Or Less Permissive</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">System Accounting with auditd<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_auditing");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditd_configure_rules" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px">Configure auditd Rules for Comprehensive Auditing<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_auditd_configure_rules");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_dac_actions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_dac_actions" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Events that Modify the System's Discretionary Access Controls<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_dac_actions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-overview-leaf-id34330" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234928r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34330" onclick="return openRuleDetailsDialog('id34330')">Record Events that Modify the System's Discretionary Access Controls - chmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-overview-leaf-id34331" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34331" onclick="return openRuleDetailsDialog('id34331')">Record Events that Modify the System's Discretionary Access Controls - chown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-overview-leaf-id34332" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234928r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34332" onclick="return openRuleDetailsDialog('id34332')">Record Events that Modify the System's Discretionary Access Controls - fchmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-overview-leaf-id34333" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234928r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34333" onclick="return openRuleDetailsDialog('id34333')">Record Events that Modify the System's Discretionary Access Controls - fchmodat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-overview-leaf-id34334" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34334" onclick="return openRuleDetailsDialog('id34334')">Record Events that Modify the System's Discretionary Access Controls - fchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-overview-leaf-id34335" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34335" onclick="return openRuleDetailsDialog('id34335')">Record Events that Modify the System's Discretionary Access Controls - fchownat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-overview-leaf-id34336" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000466-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34336" onclick="return openRuleDetailsDialog('id34336')">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-overview-leaf-id34337" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000466-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34337" onclick="return openRuleDetailsDialog('id34337')">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-overview-leaf-id34338" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000466-GPOS-00210","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030250"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234924r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34338" onclick="return openRuleDetailsDialog('id34338')">Record Events that Modify the System's Discretionary Access Controls - lchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-overview-leaf-id34339" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000466-GPOS-00210","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34339" onclick="return openRuleDetailsDialog('id34339')">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-overview-leaf-id34340" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000466-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34340" onclick="return openRuleDetailsDialog('id34340')">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-overview-leaf-id34341" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000462-GPOS-00206","SRG-OS-000463-GPOS-00207","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000474-GPOS-00219","SRG-OS-000466-GPOS-00210","SRG-OS-000064-GPOS-00033"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34341" onclick="return openRuleDetailsDialog('id34341')">Record Events that Modify the System's Discretionary Access Controls - removexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-overview-leaf-id34342" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000466-GPOS-00210","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030190"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234918r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.9"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34342" onclick="return openRuleDetailsDialog('id34342')">Record Events that Modify the System's Discretionary Access Controls - setxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount" id="rule-overview-leaf-id34343" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030360"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234935r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34343" onclick="return openRuleDetailsDialog('id34343')">Record Events that Modify the System's Discretionary Access Controls - umount</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2" id="rule-overview-leaf-id34344" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030360"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234935r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34344" onclick="return openRuleDetailsDialog('id34344')">Record Events that Modify the System's Discretionary Access Controls - umount2</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Execution Attempts to Run ACL Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_execution_acl_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl" id="rule-overview-leaf-id34345" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030440"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234943r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34345" onclick="return openRuleDetailsDialog('id34345')">Record Any Attempts to Run chacl</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod" id="rule-overview-leaf-id34346" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030420"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234941r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34346" onclick="return openRuleDetailsDialog('id34346')">Record Any Attempts to Run chmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl" id="rule-overview-leaf-id34347" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_acl_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030430"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234942r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34347" onclick="return openRuleDetailsDialog('id34347')">Record Any Attempts to Run setfacl</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Execution Attempts to Run SELinux Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_execution_selinux_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-overview-leaf-id34348" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)AU-12.1(iv)","MA-4(1)(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030450"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234944r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34348" onclick="return openRuleDetailsDialog('id34348')">Record Any Attempts to Run chcon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_rm" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_rm" id="rule-overview-leaf-id34349" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030460"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234945r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34349" onclick="return openRuleDetailsDialog('id34349')">Record Any Attempts to Run rm</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record File Deletion Events by User<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_file_deletion_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-overview-leaf-id34350" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34350" onclick="return openRuleDetailsDialog('id34350')">Ensure auditd Collects File Deletion Events by User - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-overview-leaf-id34351" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34351" onclick="return openRuleDetailsDialog('id34351')">Ensure auditd Collects File Deletion Events by User - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-overview-leaf-id34352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34352" onclick="return openRuleDetailsDialog('id34352')">Ensure auditd Collects File Deletion Events by User - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-overview-leaf-id34353" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.MA-2","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-000366","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00211","SRG-OS-000468-GPOS-00212"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.13"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.4","A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.1.1","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34353" onclick="return openRuleDetailsDialog('id34353')">Ensure auditd Collects File Deletion Events by User - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_file_modification" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_file_modification" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Unauthorized Access Attempts Events to Files (unsuccessful)<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_file_modification");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-overview-leaf-id34354" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34354" onclick="return openRuleDetailsDialog('id34354')">Record Unsuccessful Access Attempts to Files - creat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-overview-leaf-id34355" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34355" onclick="return openRuleDetailsDialog('id34355')">Record Unsuccessful Access Attempts to Files - ftruncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-overview-leaf-id34356" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34356" onclick="return openRuleDetailsDialog('id34356')">Record Unsuccessful Access Attempts to Files - open</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-overview-leaf-id34357" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34357" onclick="return openRuleDetailsDialog('id34357')">Record Unsuccessful Access Attempts to Files - open_by_handle_at</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-overview-leaf-id34358" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34358" onclick="return openRuleDetailsDialog('id34358')">Record Unsuccessful Access Attempts to Files - openat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-overview-leaf-id34359" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34359" onclick="return openRuleDetailsDialog('id34359')">Record Unsuccessful Delete Attempts to Files - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-overview-leaf-id34360" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34360" onclick="return openRuleDetailsDialog('id34360')">Record Unsuccessful Delete Attempts to Files - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2" id="rule-overview-leaf-id34361" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34361" onclick="return openRuleDetailsDialog('id34361')">Record Unsuccessful Delete Attempts to Files - renameat2</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-overview-leaf-id34362" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234914r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34362" onclick="return openRuleDetailsDialog('id34362')">Record Unsuccessful Access Attempts to Files - truncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-overview-leaf-id34363" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34363" onclick="return openRuleDetailsDialog('id34363')">Record Unsuccessful Delete Attempts to Files - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-overview-leaf-id34364" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_modification" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.1","10.2.1.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000468-GPOS-00212"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030740"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234973r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34364" onclick="return openRuleDetailsDialog('id34364')">Record Unsuccessful Delete Attempts to Files - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Information on Kernel Modules Loading and Unloading<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_kernel_module_loading");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-overview-leaf-id34365" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030520"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234951r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34365" onclick="return openRuleDetailsDialog('id34365')">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" id="rule-overview-leaf-id34366" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030530"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234952r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34366" onclick="return openRuleDetailsDialog('id34366')">Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-overview-leaf-id34367" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030530"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234952r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34367" onclick="return openRuleDetailsDialog('id34367')">Ensure auditd Collects Information on Kernel Module Loading - init_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Attempts to Alter Logon and Logout Events<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_login_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-overview-leaf-id34368" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.7"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34368" onclick="return openRuleDetailsDialog('id34368')">Record Attempts to Alter Logon and Logout Events - faillock</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-overview-leaf-id34369" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000473-GPOS-00218","SRG-OS-000470-GPOS-00214"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030480"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234947r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.7"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34369" onclick="return openRuleDetailsDialog('id34369')">Record Attempts to Alter Logon and Logout Events - lastlog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-overview-leaf-id34370" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000172","CCI-002884","CCI-000126"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030470"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234946r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.7"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34370" onclick="return openRuleDetailsDialog('id34370')">Record Attempts to Alter Logon and Logout Events - tallylog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_privileged_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Information on the Use of Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_privileged_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-overview-leaf-id34371" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000468-GPOS-00212","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030120"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234911r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34371" onclick="return openRuleDetailsDialog('id34371')">Ensure auditd Collects Information on the Use of Privileged Commands - chage</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn" id="rule-overview-leaf-id34372" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-3","AU-12(a)","AU-12(c)","MA-4(1)(a)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030340"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234933r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34372" onclick="return openRuleDetailsDialog('id34372')">Ensure auditd Collects Information on the Use of Privileged Commands - chfn</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-overview-leaf-id34373" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030100"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234909r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34373" onclick="return openRuleDetailsDialog('id34373')">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-overview-leaf-id34374" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030130"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234912r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34374" onclick="return openRuleDetailsDialog('id34374')">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-overview-leaf-id34375" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030080"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234907r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34375" onclick="return openRuleDetailsDialog('id34375')">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod" id="rule-overview-leaf-id34376" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030380"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234937r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34376" onclick="return openRuleDetailsDialog('id34376')">Ensure auditd Collects Information on the Use of Privileged Commands - insmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod" id="rule-overview-leaf-id34377" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)AU-12(c)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030410"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234940r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34377" onclick="return openRuleDetailsDialog('id34377')">Ensure auditd Collects Information on the Use of Privileged Commands - kmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe" id="rule-overview-leaf-id34378" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-12(a)","AU-12.1(ii)","AU-3","AU-3.1","AU-12(c)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030400"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234939r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34378" onclick="return openRuleDetailsDialog('id34378')">Ensure auditd Collects Information on the Use of Privileged Commands - modprobe</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-overview-leaf-id34379" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000135","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030090"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234908r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34379" onclick="return openRuleDetailsDialog('id34379')">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check" id="rule-overview-leaf-id34380" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030510"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234950r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34380" onclick="return openRuleDetailsDialog('id34380')">Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass" id="rule-overview-leaf-id34381" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030490"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234948r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34381" onclick="return openRuleDetailsDialog('id34381')">Ensure auditd Collects Information on the Use of Privileged Commands - passmass</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-overview-leaf-id34382" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030070"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234906r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34382" onclick="return openRuleDetailsDialog('id34382')">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod" id="rule-overview-leaf-id34383" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)","AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030390"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234938r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.16"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34383" onclick="return openRuleDetailsDialog('id34383')">Ensure auditd Collects Information on the Use of Privileged Commands - rmmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent" id="rule-overview-leaf-id34384" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030370"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234936r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34384" onclick="return openRuleDetailsDialog('id34384')">Record Any Attempts to Run ssh-agent</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-overview-leaf-id34385" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030060"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234905r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34385" onclick="return openRuleDetailsDialog('id34385')">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-overview-leaf-id34386" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000064-GPOS-0003","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030550"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234954r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34386" onclick="return openRuleDetailsDialog('id34386')">Ensure auditd Collects Information on the Use of Privileged Commands - su</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" id="rule-overview-leaf-id34387" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R19)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030560"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234955r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34387" onclick="return openRuleDetailsDialog('id34387')">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" id="rule-overview-leaf-id34388" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030330"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234932r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34388" onclick="return openRuleDetailsDialog('id34388')">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd" id="rule-overview-leaf-id34389" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-3","AU-3.1","AU-12(a)","AU-12(c)","AU-12.1(ii)","AU-12.1(iv)","AC-6(9)","CM-6(a)","MA-4(1)(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215","SRG-OS-000037-GPOS-00015"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030110"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234910r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34389" onclick="return openRuleDetailsDialog('id34389')">Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-overview-leaf-id34390" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-3","AU-3.1","AU-12(a)","AU-12(c)","AU-12.1(ii)","AU-12.1(iv)","AC-6(9)","CM-6(a)","MA-4(1)(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.PT-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000029-CTR-000085"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030110"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234910r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","2","3","5","6","7","8","9"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","BAI03.05","DSS01.03","DSS03.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.14.2.7","A.15.2.1","A.15.2.2"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3","CIP-007-3 R6.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34390" onclick="return openRuleDetailsDialog('id34390')">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod" id="rule-overview-leaf-id34391" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215","SRG-OS-000466-GPOS-00210"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030500"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234949r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34391" onclick="return openRuleDetailsDialog('id34391')">Ensure auditd Collects Information on the Use of Privileged Commands - usermod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_time_rules" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_time_rules" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Records Events that Modify Date and Time Information<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_time_rules");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex" id="rule-overview-leaf-id34392" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34392" onclick="return openRuleDetailsDialog('id34392')">Record attempts to alter time through adjtimex</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="rule-overview-leaf-id34393" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34393" onclick="return openRuleDetailsDialog('id34393')">Record Attempts to Alter Time Through clock_settime</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="rule-overview-leaf-id34394" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34394" onclick="return openRuleDetailsDialog('id34394')">Record attempts to alter time through settimeofday</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_stime" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_stime" id="rule-overview-leaf-id34395" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34395" onclick="return openRuleDetailsDialog('id34395')">Record Attempts to Alter Time Through stime</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime" id="rule-overview-leaf-id34396" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_time_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.6.3","10.6.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001487","CCI-000169"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.4.2.b"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34396" onclick="return openRuleDetailsDialog('id34396')">Record Attempts to Alter the localtime File</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing" id="rule-overview-leaf-id34397" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["CM-6(b)","CM-6.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030820"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234981r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34397" onclick="return openRuleDetailsDialog('id34397')">Remove Default Configuration to Disable Syscall Auditing</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_immutable" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-overview-leaf-id34398" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.3.1","3.4.3"],"NIST SP 800-53":["AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","ID.SC-4","PR.AC-4","PR.DS-5","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000162","CCI-000163","CCI-000164"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000057-GPOS-00027","SRG-OS-000058-GPOS-00028","SRG-OS-000059-GPOS-00029"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.17"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.310(a)(2)(iv)","164.312(d)","164.310(d)(2)(iii)","164.312(b)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 5.2","SR 6.1"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.7.3","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO01.06","APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","BAI03.05","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","DSS06.02","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"PCI-DSS Requirement":["Req-10.5.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34398" onclick="return openRuleDetailsDialog('id34398')">Make the auditd Configuration Immutable</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-overview-leaf-id34399" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.6"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34399" onclick="return openRuleDetailsDialog('id34399')">Record Events that Modify the System's Mandatory Access Controls</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_media_export" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_media_export" id="rule-overview-leaf-id34400" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030350"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234934r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.12"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34400" onclick="return openRuleDetailsDialog('id34400')">Ensure auditd Collects Information on Exporting to Media (successful)</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification" id="rule-overview-leaf-id34401" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.3.4"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.5"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34401" onclick="return openRuleDetailsDialog('id34401')">Record Events that Modify the System's Network Environment</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-overview-leaf-id34402" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-2(d)","AU-12(c)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-3","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.8"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8","9"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0582","0584","05885","0586","0846","0957"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.13","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.3.9","4.3.3.5.8","4.3.3.6.6","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.2.1","A.6.2.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34402" onclick="return openRuleDetailsDialog('id34402')">Record Attempts to Alter Process and Session Initiation Information</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp" id="rule-overview-leaf-id34403" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000472-GPOS-00217"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030780"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234977r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34403" onclick="return openRuleDetailsDialog('id34403')">Record Attempts to Alter Process and Session Initiation Information btmp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp" id="rule-overview-leaf-id34404" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000472-GPOS-00217"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030760"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234975r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34404" onclick="return openRuleDetailsDialog('id34404')">Record Attempts to Alter Process and Session Initiation Information utmp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp" id="rule-overview-leaf-id34405" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["AU-12(c)","AU-12.1(iv)"],"https://public.cyber.mil/stigs/cci/":["CCI-000172"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000472-GPOS-00217"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030770"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234976r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34405" onclick="return openRuleDetailsDialog('id34405')">Record Attempts to Alter Process and Session Initiation Information wtmp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function" id="rule-overview-leaf-id34406" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-53":["CM-5(1)","AU-7(a)","AU-7(b)","AU-8(b)","AU-12(3)","AC-6(9)"],"https://public.cyber.mil/stigs/cci/":["CCI-001814","CCI-001882","CCI-001889","CCI-001880","CCI-001881","CCI-001878","CCI-001879","CCI-001875","CCI-001877","CCI-001914","CCI-002233","CCI-002234"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000343-CTR-000780","SRG-APP-000381-CTR-000905"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000326-GPOS-00126","SRG-OS-000327-GPOS-00127"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030640"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234963r622137_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34406" onclick="return openRuleDetailsDialog('id34406')">Record Events When Privileged Executables Are Run</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-overview-leaf-id34407" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3","AU-3.1","AU-12(a)","AU-12.1(ii)","AU-12.1(iv)","MA-4(1)(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5","10.2.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000126","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000026-CTR-000070","SRG-APP-000027-CTR-000075","SRG-APP-000028-CTR-000080","SRG-APP-000291-CTR-000675","SRG-APP-000292-CTR-000680","SRG-APP-000293-CTR-000685","SRG-APP-000294-CTR-000690","SRG-APP-000319-CTR-000745","SRG-APP-000320-CTR-000750","SRG-APP-000509-CTR-001305"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000304-GPOS-00121","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030140"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234913r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.14","4.1.15"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.2","Req-10.2.5.b"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34407" onclick="return openRuleDetailsDialog('id34407')">Ensure auditd Collects System Administrator Actions</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-overview-leaf-id34408" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030010"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234900r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34408" onclick="return openRuleDetailsDialog('id34408')">Record Events that Modify User/Group Information - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-overview-leaf-id34409" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234903r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34409" onclick="return openRuleDetailsDialog('id34409')">Record Events that Modify User/Group Information - /etc/gshadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-overview-leaf-id34410" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4).1(i&amp;ii)","AU-12.1(iv)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030030"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234902r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34410" onclick="return openRuleDetailsDialog('id34410')">Record Events that Modify User/Group Information - /etc/security/opasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-overview-leaf-id34411" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000304-GPOS-00121","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221","SRG-OS-000274-GPOS-00104","SRG-OS-000275-GPOS-00105","SRG-OS-000276-GPOS-00106","SRG-OS-000277-GPOS-00107"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030000"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234899r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34411" onclick="return openRuleDetailsDialog('id34411')">Record Events that Modify User/Group Information - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-overview-leaf-id34412" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AU-2(d)","AU-12(c)","AC-6(9)","CM-6(a)"],"ANSSI":["BP28(R73)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.2.1.5"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","DE.CM-1","DE.CM-3","DE.CM-7","ID.SC-4","PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.PT-1","PR.PT-4","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000018","CCI-000130","CCI-000135","CCI-000169","CCI-000172","CCI-001403","CCI-001404","CCI-001405","CCI-001683","CCI-001684","CCI-001685","CCI-001686","CCI-002130","CCI-002132","CCI-002884"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000004-GPOS-00004","SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000062-GPOS-00031","SRG-OS-000304-GPOS-00121","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000470-GPOS-00214","SRG-OS-000471-GPOS-00215","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000466-GPOS-00210","SRG-OS-000476-GPOS-00221"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030020"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234901r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.4"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","19","2","3","4","5","6","7","8","9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.6","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 6.1","SR 6.2","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.2.6.7","4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.8","4.3.3.6.6","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO10.01","APO10.03","APO10.04","APO10.05","APO11.04","APO12.06","APO13.01","BAI03.05","BAI08.02","DSS01.03","DSS01.04","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS03.05","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS06.03","MEA01.01","MEA01.02","MEA01.03","MEA01.04","MEA01.05","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.7","A.15.2.1","A.15.2.2","A.16.1.4","A.16.1.5","A.16.1.7","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.2","CIP-004-6 R2.2.3","CIP-007-3 R.1.3","CIP-007-3 R5","CIP-007-3 R5.1.1","CIP-007-3 R5.1.3","CIP-007-3 R5.2.1","CIP-007-3 R5.2.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34412" onclick="return openRuleDetailsDialog('id34412')">Record Events that Modify User/Group Information - /etc/shadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px">Configure auditd Data Retention<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_configure_auditd_data_retention");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-overview-leaf-id34413" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-9(3)","CM-6(a)"],"https://public.cyber.mil/stigs/cci/":["CCI-001851"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000342-GPOS-00133","SRG-OS-000479-GPOS-00224"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030680"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234967r622137_rule"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34413" onclick="return openRuleDetailsDialog('id34413')">Encrypt Audit Records Sent With audispd Plugin</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action" id="rule-overview-leaf-id34414" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000140"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000047-GPOS-00023"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030590"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234958r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34414" onclick="return openRuleDetailsDialog('id34414')">Configure auditd Disk Full Action when Disk Space Is Full</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action" id="rule-overview-leaf-id34415" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000140","CCI-001343","CCI-001855"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000343-GPOS-00134"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.2.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.312(a)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34415" onclick="return openRuleDetailsDialog('id34415')">Configure auditd admin_space_left Action on Low Disk Space</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action" id="rule-overview-leaf-id34416" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000140"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000047-GPOS-00023"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.2.2"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.312(a)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34416" onclick="return openRuleDetailsDialog('id34416')">Configure auditd max_log_file_action Upon Reaching Maximum Log Size</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left" id="rule-overview-leaf-id34417" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001855"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000343-GPOS-00134"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-030700"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234969r622137_rule"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34417" onclick="return openRuleDetailsDialog('id34417')">Configure auditd space_left on Low Disk Space</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action" id="rule-overview-leaf-id34418" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AU-5(b)","AU-5(2)","AU-5(1)","AU-5(4)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["10.5.1"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.AE-3","DE.AE-5","PR.DS-4","PR.PT-1","RS.AN-1","RS.AN-4"],"https://public.cyber.mil/stigs/cci/":["CCI-001855"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000343-GPOS-00134"],"https://www.cisecurity.org/benchmark/suse_linux/":["4.1.2.3"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","19","2","3","4","5","6","7","8"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.312(a)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.10","SR 2.11","SR 2.12","SR 2.8","SR 2.9","SR 6.1","SR 7.1","SR 7.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.2.3.10","4.3.3.3.9","4.3.3.5.8","4.3.4.4.7","4.3.4.5.6","4.3.4.5.7","4.3.4.5.8","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO12.06","APO13.01","BAI03.05","BAI04.04","BAI08.02","DSS02.02","DSS02.04","DSS02.07","DSS03.01","DSS05.04","DSS05.07","MEA02.01"],"ISO 27001-2013":["A.12.1.3","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.16.1.4","A.16.1.5","A.16.1.7","A.17.2.1"],"PCI-DSS Requirement":["Req-10.7"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34418" onclick="return openRuleDetailsDialog('id34418')">Configure auditd space_left Action on Low Disk Space</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_logging" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Configure Syslog<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_logging");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_journald" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_journald" data-tt-parent-id="xccdf_org.ssgproject.content_group_logging"><td colspan="3" style="padding-left: 57px">systemd-journald<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_journald");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_journald_compress" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_journald_compress" id="rule-overview-leaf-id34419" data-tt-parent-id="xccdf_org.ssgproject.content_group_journald" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["4.2.2.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34419" onclick="return openRuleDetailsDialog('id34419')">Ensure journald is configured to compress large log files</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_journald_storage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_journald_storage" id="rule-overview-leaf-id34420" data-tt-parent-id="xccdf_org.ssgproject.content_group_journald" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["4.2.2.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34420" onclick="return openRuleDetailsDialog('id34420')">Ensure journald is configured to write log files to persistent disk</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Network Configuration and Firewalls<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_network");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network-uncommon" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network-uncommon" data-tt-parent-id="xccdf_org.ssgproject.content_group_network"><td colspan="3" style="padding-left: 57px">Uncommon Network Protocols<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_network-uncommon");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled" id="rule-overview-leaf-id34421" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-uncommon" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["1.4.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://public.cyber.mil/stigs/cci/":["CCI-001958"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000096-GPOS-00050","SRG-OS-000378-GPOS-00163"],"https://www.cisecurity.org/benchmark/suse_linux/":["3.4.1"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"FBI CJIS":["5.10.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"],"PCI-DSS Requirement":["Req-1.4.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34421" onclick="return openRuleDetailsDialog('id34421')">Disable DCCP Support</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" id="rule-overview-leaf-id34422" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-uncommon" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["1.4.2"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://public.cyber.mil/stigs/cci/":["CCI-000381","CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000095-GPOS-00049","SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["3.4.2"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"FBI CJIS":["5.10.1"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"],"PCI-DSS Requirement":["Req-1.4.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34422" onclick="return openRuleDetailsDialog('id34422')">Disable SCTP Support</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">File Permissions and Masks<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_permissions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_files" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_files" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Verify Permissions on Important Files and
Directories<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_files");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions_important_account_files" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions_important_account_files" data-tt-parent-id="xccdf_org.ssgproject.content_group_files"><td colspan="3" style="padding-left: 76px">Verify Permissions on Files with Local Account Information and Credentials<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_permissions_important_account_files");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_etc_security_opasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_etc_security_opasswd" id="rule-overview-leaf-id34423" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions_important_account_files" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000200"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000077-GPOS-00045"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020240"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234893r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34423" onclick="return openRuleDetailsDialog('id34423')">Verify Permissions and Ownership of Old Passwords File</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" id="rule-overview-leaf-id34424" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions_important_account_files" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"ANSSI":["BP28(R36)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["7.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/cci/":["CCI-002223"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["6.1.3"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"FBI CJIS":["5.5.2.2"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"],"PCI-DSS Requirement":["Req-8.7.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34424" onclick="return openRuleDetailsDialog('id34424')">Verify Permissions on shadow File</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions_within_important_dirs" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions_within_important_dirs" data-tt-parent-id="xccdf_org.ssgproject.content_group_files"><td colspan="3" style="padding-left: 76px">Verify File Permissions Within Some Important Directories<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_permissions_within_important_dirs");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs" id="rule-overview-leaf-id34425" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions_within_important_dirs" data-references='{"NIST SP 800-53":["CM-5(6)","CM-5(6).1"],"https://public.cyber.mil/stigs/cci/":["CCI-001499"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000259-GPOS-00100"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010361"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234844r622137_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34425" onclick="return openRuleDetailsDialog('id34425')">Verify that system commands files are group owned by root or a system account</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_mounting" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_mounting" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Restrict Dynamic Mounting and Unmounting of
Filesystems<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_mounting");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled" id="rule-overview-leaf-id34426" data-tt-parent-id="xccdf_org.ssgproject.content_group_mounting" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.1.1.1"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34426" onclick="return openRuleDetailsDialog('id34426')">Disable Mounting of squashfs</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled" id="rule-overview-leaf-id34427" data-tt-parent-id="xccdf_org.ssgproject.content_group_mounting" data-references='{"NIST SP 800-171":["3.4.6"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1","PR.PT-3"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.1.1.2"],"https://www.cisecurity.org/controls/":["11","14","3","9"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34427" onclick="return openRuleDetailsDialog('id34427')">Disable Mounting of udf</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled" id="rule-overview-leaf-id34428" data-tt-parent-id="xccdf_org.ssgproject.content_group_mounting" data-references='{"NIST SP 800-171":["3.1.21"],"NIST SP 800-53":["CM-7(a)","CM-7(b)","CM-6(a)","MP-7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-3","PR.AC-6","PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000366","CCI-000778","CCI-001958"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000114-GPOS-00059","SRG-OS-000378-GPOS-00163","SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010480"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234856r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.1.23"],"https://www.cisecurity.org/controls/":["1","12","15","16","5"],"HIPAA":["164.308(a)(3)(i)","164.308(a)(3)(ii)(A)","164.310(d)(1)","164.310(d)(2)","164.312(a)(1)","164.312(a)(2)(iv)","164.312(b)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["APO13.01","DSS01.04","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.11.2.6","A.13.1.1","A.13.2.1","A.18.1.4","A.6.2.1","A.6.2.2","A.7.1.1","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.2","A.9.4.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34428" onclick="return openRuleDetailsDialog('id34428')">Disable Modprobe Loading of USB Storage Driver</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Restrict Programs from Dangerous Execution Patterns<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_restrictions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_coredumps" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_coredumps" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions"><td colspan="3" style="padding-left: 76px">Disable Core Dumps<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_coredumps");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_users_coredumps" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_users_coredumps" id="rule-overview-leaf-id34429" data-tt-parent-id="xccdf_org.ssgproject.content_group_coredumps" data-references='{"NIST SP 800-53":["CM-6","SC-7(10)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["3.3.1.1","3.3.1.2","3.3.1.3"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","PR.DS-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["1.6.1"],"https://www.cisecurity.org/controls/":["1","12","13","15","16","2","7","8"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 6.2","SR 7.1","SR 7.2"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI04.04","DSS01.03","DSS03.05","DSS05.07"],"ISO 27001-2013":["A.12.1.3","A.17.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-id34429" onclick="return openRuleDetailsDialog('id34429')">Disable Core Dumps for All Users</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_services" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_services" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_SLE-15"><td colspan="3" style="padding-left: 19px"><strong>Services</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_cron_and_at" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_cron_and_at" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Cron and At Daemons<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_cron_and_at");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_d" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_d" id="rule-overview-leaf-id34430" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.7"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34430" onclick="return openRuleDetailsDialog('id34430')">Verify Permissions on cron.d</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_daily" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_daily" id="rule-overview-leaf-id34431" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.4"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34431" onclick="return openRuleDetailsDialog('id34431')">Verify Permissions on cron.daily</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly" id="rule-overview-leaf-id34432" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.3"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34432" onclick="return openRuleDetailsDialog('id34432')">Verify Permissions on cron.hourly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly" id="rule-overview-leaf-id34433" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.6"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34433" onclick="return openRuleDetailsDialog('id34433')">Verify Permissions on cron.monthly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly" id="rule-overview-leaf-id34434" data-tt-parent-id="xccdf_org.ssgproject.content_group_cron_and_at" data-references='{"NIST SP 800-53":["CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.1.5"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34434" onclick="return openRuleDetailsDialog('id34434')">Verify Permissions on cron.weekly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ntp" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ntp" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Network Time Protocol<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ntp");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user" id="rule-overview-leaf-id34435" data-tt-parent-id="xccdf_org.ssgproject.content_group_ntp" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["2.2.1.3"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34435" onclick="return openRuleDetailsDialog('id34435')">Ensure that chronyd is running under chrony user account</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px"><strong>SSH Server</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh_server" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh_server" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh"><td colspan="3" style="padding-left: 57px"><strong>Configure OpenSSH Server if Necessary</strong>Â <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0" id="rule-overview-leaf-id34436" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["AC-2(5)","AC-12","AC-17(a)","SC-10","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.2.8"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000879","CCI-001133","CCI-002361"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000126-GPOS-00066","SRG-OS-000163-GPOS-00072","SRG-OS-000279-GPOS-00109"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010320"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234830r622137_rule"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","18","3","5","7","8"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03","DSS01.03","DSS03.05","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.12.4.1","A.12.4.3","A.14.1.1","A.14.2.1","A.14.2.5","A.18.1.4","A.6.1.2","A.6.1.5","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.3","CIP-007-3 R5.1","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34436" onclick="return openRuleDetailsDialog('id34436')">Set SSH Client Alive Count Max to zero</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" id="rule-overview-leaf-id34437" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["CM-6(a)","AC-17(a)","AC-2(5)","AC-12","AC-17(a)","SC-10","CM-6(a)"],"ANSSI":["BP28(R29)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["8.2.8"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["DE.CM-1","DE.CM-3","PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.IP-2"],"https://public.cyber.mil/stigs/cci/":["CCI-000879","CCI-001133","CCI-002361"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000126-GPOS-00066","SRG-OS-000163-GPOS-00072","SRG-OS-000279-GPOS-00109","SRG-OS-000395-GPOS-00175"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010280"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234827r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.16"],"https://www.cisecurity.org/controls/":["1","12","13","14","15","16","18","3","5","7","8"],"FBI CJIS":["5.5.6"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 6.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["APO13.01","BAI03.01","BAI03.02","BAI03.03","DSS01.03","DSS03.05","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.10"],"ISO 27001-2013":["A.12.4.1","A.12.4.3","A.14.1.1","A.14.2.1","A.14.2.5","A.18.1.4","A.6.1.2","A.6.1.5","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-004-6 R2.2.3","CIP-007-3 R5.1","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34437" onclick="return openRuleDetailsDialog('id34437')">Set SSH Client Alive Interval</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34438" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-6(2)","AC-17(a)","IA-2","IA-2(5)","CM-7(a)","CM-7(b)","CM-6(a)"],"ANSSI":["BP28(R19)","NT007(R21)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.DS-5","PR.PT-3"],"https://public.cyber.mil/stigs/cci/":["CCI-000366","CCI-000770"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers":["SRG-APP-000148-CTR-000335","SRG-APP-000190-CTR-000500"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000109-GPOS-00056","SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-020040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234870r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.10"],"https://www.cisecurity.org/controls/":["1","11","12","13","14","15","16","18","3","5"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.02","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.02","DSS06.03","DSS06.06","DSS06.10"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.18.1.4","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.2.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1"],"PCI-DSS Requirement":["Req-2.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34438" onclick="return openRuleDetailsDialog('id34438')">Disable SSH Root Login</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-id34439" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.20"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34439" onclick="return openRuleDetailsDialog('id34439')">Disable SSH TCP Forwarding</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-overview-leaf-id34440" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["AC-17(a)","CM-7(a)","CM-7(b)","CM-6(a)"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.IP-1"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040230"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-235007r622137_rule"],"https://www.cisecurity.org/controls/":["11","3","9"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.4.3.2","4.3.4.3.3"],"https://www.isaca.org/resources/cobit":["BAI10.01","BAI10.02","BAI10.03","BAI10.05"],"ISO 27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_UAU.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34440" onclick="return openRuleDetailsDialog('id34440')">Disable SSH Support for User Known Hosts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding" id="rule-overview-leaf-id34441" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-53":["CM-6.1(iv)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.4"],"https://public.cyber.mil/stigs/cci/":["CCI-000366"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-040290"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-235013r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.6"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34441" onclick="return openRuleDetailsDialog('id34441')">Disable X11 Forwarding</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-overview-leaf-id34442" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(c)","AC-17(a)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-7"],"https://public.cyber.mil/stigs/cci/":["CCI-000048","CCI-000050","CCI-001384","CCI-001385","CCI-001386","CCI-001387","CCI-001388"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000023-GPOS-00006","SRG-OS-000228-GPOS-00088"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010040"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234805r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.18"],"https://www.cisecurity.org/controls/":["1","12","15","16"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.2","SR 1.5","SR 1.7","SR 1.8","SR 1.9"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9"],"https://www.isaca.org/resources/cobit":["DSS05.04","DSS05.10","DSS06.10"],"ISO 27001-2013":["A.18.1.4","A.9.2.1","A.9.2.4","A.9.3.1","A.9.4.2","A.9.4.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FTA_TAB.1"],"PCI-DSS Requirement":["Req-2.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34442" onclick="return openRuleDetailsDialog('id34442')">Enable SSH Warning Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time" id="rule-overview-leaf-id34443" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.17"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34443" onclick="return openRuleDetailsDialog('id34443')">Ensure SSH LoginGraceTime is configured</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose" id="rule-overview-leaf-id34444" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-53":["AC-17(a)","AC-17(1)","CM-6(a)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://public.cyber.mil/stigs/cci/":["CCI-000067"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000032-GPOS-00013"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010150"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234815r622137_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-007-3 R7.1"],"PCI-DSS Requirement":["Req-2.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34444" onclick="return openRuleDetailsDialog('id34444')">Set SSH Daemon LogLevel to VERBOSE</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries" id="rule-overview-leaf-id34445" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.7"],"https://www.cyber.gov.au/acsc/view-all-content/ism":["0421","0422","0431","0974","1173","1401","1504","1505","1546","1557","1558","1559","1560","1561"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34445" onclick="return openRuleDetailsDialog('id34445')">Set SSH authentication attempt limit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_max_sessions" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_max_sessions" id="rule-overview-leaf-id34446" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.22"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34446" onclick="return openRuleDetailsDialog('id34446')">Set SSH MaxSessions limit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_set_maxstartups" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_set_maxstartups" id="rule-overview-leaf-id34447" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.21"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34447" onclick="return openRuleDetailsDialog('id34447')">Ensure SSH MaxStartups is configured</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers" id="rule-overview-leaf-id34448" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.13","3.13.11","3.13.8"],"NIST SP 800-53":["CM-6(a)","AC-17(a)","AC-17(2)","SC-13","MA-4(6)","IA-5(1)(c)","SC-12(2)","SC-12(3)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-3","PR.AC-4","PR.AC-6","PR.AC-7","PR.IP-1","PR.PT-1","PR.PT-3","PR.PT-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000366","CCI-000803","CCI-000877","CCI-002890","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000033-GPOS-00014","SRG-OS-000120-GPOS-00061","SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000393-GPOS-00173","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010160"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234816r744125_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.13"],"https://www.cisecurity.org/controls/":["1","11","12","14","15","16","18","3","5","6","8","9"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(b)(1)","164.308(b)(2)","164.312(e)(1)","164.312(e)(2)(i)","164.312(e)(2)(ii)","164.314(b)(2)(i)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.2.2","4.3.3.3.9","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4"],"https://www.isaca.org/resources/cobit":["APO11.04","APO13.01","BAI03.05","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.04","DSS05.02","DSS05.03","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.06","DSS06.10","MEA02.01"],"ISO 27001-2013":["A.11.2.6","A.12.1.2","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.5.1","A.12.6.2","A.12.7.1","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.18.1.4","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34448" onclick="return openRuleDetailsDialog('id34448')">Use Only FIPS 140-2 Validated Ciphers</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig" id="rule-overview-leaf-id34449" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000366","CCI-000803","CCI-000877","CCI-002890","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000033-GPOS-00014","SRG-OS-000120-GPOS-00061","SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000393-GPOS-00173","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010160"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234816r744125_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34449" onclick="return openRuleDetailsDialog('id34449')">Use Only FIPS 140-2 Validated Ciphers</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_macs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs" id="rule-overview-leaf-id34450" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"NIST SP 800-171":["3.1.13","3.13.11","3.13.8"],"NIST SP 800-53":["CM-6(a)","AC-17(a)","AC-17(2)","SC-13","MA-4(6)","SC-12(2)","SC-12(3)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.7"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-1","PR.AC-3","PR.DS-5","PR.PT-4"],"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000803","CCI-000877","CCI-001453","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010270"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234826r744126_rule"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.14"],"https://www.cisecurity.org/controls/":["1","12","13","15","16","5","8"],"HIPAA":["164.308(b)(1)","164.308(b)(2)","164.312(e)(1)","164.312(e)(2)(i)","164.312(e)(2)(ii)","164.314(b)(2)(i)"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 1.1","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.6","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.5.1","4.3.3.6.6"],"https://www.isaca.org/resources/cobit":["APO01.06","APO13.01","DSS01.04","DSS05.02","DSS05.03","DSS05.04","DSS05.07","DSS06.02","DSS06.03"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.11.2.6","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.6.2.1","A.6.2.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34450" onclick="return openRuleDetailsDialog('id34450')">Use Only FIPS 140-2 Validated MACs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig" id="rule-overview-leaf-id34451" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"https://public.cyber.mil/stigs/cci/":["CCI-000068","CCI-000803","CCI-000877","CCI-001453","CCI-003123"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000394-GPOS-00174"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux":["SLES-15-010270"],"https://public.cyber.mil/stigs/srg-stig-tools/":["SV-234826r744126_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-id34451" onclick="return openRuleDetailsDialog('id34451')">Use Only FIPS 140-2 Validated MACs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_file_permissions_sshd_config" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_file_permissions_sshd_config" id="rule-overview-leaf-id34452" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh" data-references='{"NIST SP 800-53":["AC-17(a)","CM-6(a)","AC-6(1)"],"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf":["2.2.6"],"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf":["PR.AC-4","PR.DS-5"],"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os":["SRG-OS-000480-GPOS-00227"],"https://www.cisecurity.org/benchmark/suse_linux/":["5.2.1"],"https://www.cisecurity.org/controls/":["12","13","14","15","16","18","3","5"],"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu":["SR 2.1","SR 5.2"],"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat":["4.3.3.7.3"],"https://www.isaca.org/resources/cobit":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"ISO 27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"]}'><td style="padding-left: 57px"><a href="#rule-detail-id34452" onclick="return openRuleDetailsDialog('id34452')">Verify Permissions on SSH Server config file</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr></tbody></table></div><div class="js-only hidden-print"><button type="button" class="btn btn-info" onclick="return toggleResultDetails(this)">Show all result details</button></div><div id="result-details"><h2>Result Details</h2><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_check_audit_tools" id="rule-detail-id34292"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure AIDE to Verify the Audit Toolsxccdf_org.ssgproject.content_rule_aide_check_audit_tools mediumCCE-85610-4 </div><div class="panel-heading"><h3 class="panel-title">Configure AIDE to Verify the Audit Tools</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_check_audit_tools</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_check_audit_tools:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85610-4">CCE-85610-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-001496</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9(3).1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000278-GPOS-00108</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030630</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234962r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The operating system file integrity tool must be configured to protect the integrity of the audit tools.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Protecting the integrity of the tools used for auditing purposes is a
critical step toward ensuring the integrity of audit information. Audit
information includes all information (e.g., audit records, audit settings,
and audit reports) needed to successfully audit information system
activity.

Audit tools include but are not limited to vendor-provided and open-source
audit tools needed to successfully view and manipulate audit information
system activity and records. Audit tools include custom queries and report
generators.

It is not uncommon for attackers to replace the audit tools or inject code
into the existing tools to provide the capability to hide or erase system
activity from the audit logs.

To address this risk, audit tools must be cryptographically signed to
provide the capability to identify when the audit tools have been modified,
manipulated, or replaced. An example is a checksum hash of the file or
files.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">auditctl is checked in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/auditctl p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">auditd is checked in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_auditd:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/auditd p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">ausearch is checked in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_ausearch:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/ausearch p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">aureport is checked in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_aureport:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/aureport p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">autrace is checked in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_autrace:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/autrace p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">audispd is checked in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_audispd:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/audispd p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table><h4><span class="label label-primary">augenrules is checked in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>/usr/sbin/augenrules p+i+n+u+g+s+b+acl+selinux+xattrs+sha512</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" id="rule-detail-id34293"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure Periodic Execution of AIDExccdf_org.ssgproject.content_rule_aide_periodic_cron_checking mediumCCE-85671-6 </div><div class="panel-heading"><h3 class="panel-title">Configure Periodic Execution of AIDE</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_periodic_cron_checking:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85671-6">CCE-85671-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R51)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1.3</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI02.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS04.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001744</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002699</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002702</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-6(d)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-3</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-11.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">11.5.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000363-GPOS-00150</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000446-GPOS-00200</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000447-GPOS-00201</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010420</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.4.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234851r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, AIDE should be configured to run a weekly scan.
To implement a daily execution of AIDE at 4:05am using cron, add the following line to <code>/etc/crontab</code>:
<pre>05 4 * * * root /usr/bin/aide --check</pre>
To implement a weekly execution of AIDE at 4:05am using cron, add the following line to <code>/etc/crontab</code>:
<pre>05 4 * * 0 root /usr/bin/aide --check</pre>
AIDE can be executed periodically through other means; this is merely one example.
The usage of cron's special time codes, such as  <code>@daily</code> and
<code>@weekly</code> is acceptable.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">By default, AIDE does not install itself for periodic execution. Periodically
running AIDE is necessary to reveal unexpected changes in installed files.
<br><br>
Unauthorized changes to the baseline configuration could make the system vulnerable
to various attacks or allow unauthorized access to the operating system. Changes to
operating system configurations can have unintended side effects, some of which may
be relevant to security.
<br><br>
Detecting such changes and providing an automated response can help avoid unintended,
negative consequences that could ultimately affect the security state of the operating
system. The operating system's Information Management Officer (IMO)/Information System
Security Officer (ISSO) and System Administrators (SAs) must be notified via email and/or
monitoring system trap when there is an unauthorized modification of a configuration item.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron</span>Â 
        <span class="label label-default">oval:ssg-test_aide_periodic_cron_checking:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/crontab</td><td>05 4 * * * root /usr/bin/aide --check</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron</span>Â 
        <span class="label label-default">oval:ssg-test_aide_crond_checking:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="run aide with cron">oval:ssg-object_test_aide_crond_checking:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/cron.d</td><td>^.*$</td><td>^(([0-9]*[\s]*[0-9]*[\s]*\*[\s]*\*[\s]*(\*|([0-7]|mon|tue|wed|thu|fri|sat|sun)|[0-7]-[0-7]))|@(hourly|daily|weekly))[\s]*root[\s]*\/usr\/bin\/aide[\s]*\-\-check.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron</span>Â 
        <span class="label label-default">oval:ssg-test_aide_var_cron_checking:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="run aide with cron">oval:ssg-object_aide_var_cron_checking:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/var/spool/cron/root</td><td>^(([0-9]*[\s]*[0-9]*[\s]*\*[\s]*\*[\s]*(\*|([0-7]|mon|tue|wed|thu|fri|sat|sun)|[0-7]-[0-7]))|@(hourly|daily|weekly))[\s]*(root)?[\s]*\/usr\/bin\/aide[\s]*\-\-check.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">run aide with cron.(daily|weekly)</span>Â 
        <span class="label label-default">oval:ssg-test_aide_crontabs_checking:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="run aide with cron.(daily|weekly)">oval:ssg-object_aide_crontabs_checking:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^/etc/cron.(daily|weekly)$</td><td>^.*$</td><td>^[^#]*\/usr\/bin\/aide\s+\-\-check\s*$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_verify_acls" id="rule-detail-id34294"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure AIDE to Verify Access Control Lists (ACLs)xccdf_org.ssgproject.content_rule_aide_verify_acls lowCCE-85623-7 </div><div class="panel-heading"><h3 class="panel-title">Configure AIDE to Verify Access Control Lists (ACLs)</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_verify_acls</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_verify_acls:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85623-7">CCE-85623-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R51)</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040040</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234986r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, the <code>acl</code> option is added to the <code>FIPSR</code> ruleset in AIDE.
If using a custom ruleset or the <code>acl</code> option is missing, add <code>acl</code>
to the appropriate ruleset.
For example, add <code>acl</code> to the following line in <code>/etc/aide.conf</code>:
<pre>FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256</pre>
AIDE rules can be configured in multiple ways; this is merely one example that is already
configured by default.

The remediation provided with this rule adds <code>acl</code> to all rule sets available in
<code>/etc/aide.conf</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">ACLs can provide permissions beyond those permitted through the file mode and must be
verified by the file integrity tools.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">acl is set in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_acls:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>Logs = p+i+n+u+g+S+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Databases = p+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>StaticDir = p+i+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Devices = p+i+n+u+g+s+b+c+sha256+sha512+acl+xattrs</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes" id="rule-detail-id34295"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure AIDE to Verify Extended Attributesxccdf_org.ssgproject.content_rule_aide_verify_ext_attributes lowCCE-85624-5 </div><div class="panel-heading"><h3 class="panel-title">Configure AIDE to Verify Extended Attributes</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-aide_verify_ext_attributes:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85624-5">CCE-85624-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R51)</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040050</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234987r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, the <code>xattrs</code> option is added to the <code>FIPSR</code> ruleset in AIDE.
If using a custom ruleset or the <code>xattrs</code> option is missing, add <code>xattrs</code>
to the appropriate ruleset.
For example, add <code>xattrs</code> to the following line in <code>/etc/aide.conf</code>:
<pre>FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256</pre>
AIDE rules can be configured in multiple ways; this is merely one example that is already
configured by default.

The remediation provided with this rule adds <code>xattrs</code> to all rule sets available in
<code>/etc/aide.conf</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Extended attributes in file systems are used to contain arbitrary data and file metadata
with security implications.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package aide is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_aide_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>aide</td><td>x86_64</td><td>(none)</td><td>24.1</td><td>0.16</td><td>0:0.16-24.1</td><td>70af9e8139db7c82</td><td>aide-0:0.16-24.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">xattrs is set in /etc/aide.conf</span>Â 
        <span class="label label-default">oval:ssg-test_aide_verify_ext_attributes:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/aide.conf</td><td>Logs = p+i+n+u+g+S+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Databases = p+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>StaticDir = p+i+n+u+g+acl+xattrs</td></tr><tr><td>/etc/aide.conf</td><td>Devices = p+i+n+u+g+s+b+c+sha256+sha512+acl+xattrs</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sudo_add_use_pty" id="rule-detail-id34296"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_ptyxccdf_org.ssgproject.content_rule_sudo_add_use_pty mediumCCE-91190-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sudo_add_use_pty</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sudo_add_use_pty:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91190-9">CCE-91190-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R58)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.3.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The sudo <code>use_pty</code> tag, when specified, will only execute sudo
commands from users logged in to a real tty.
This should be enabled by making sure that the <code>use_pty</code> tag exists in
<code>/etc/sudoers</code> configuration file or any sudo configuration snippets
in <code>/etc/sudoers.d/</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring that sudo commands be run in a pseudo-terminal can prevent an attacker from retaining
access to the user's terminal after the main program has finished executing.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">use_pty exists in /etc/sudoers or /etc/sudoers.d/</span>Â 
        <span class="label label-default">oval:ssg-test_use_pty_sudoers:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/sudoers</td><td>Defaults use_pty</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sudo_custom_logfile" id="rule-detail-id34297"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Sudo Logfile Exists - sudo logfilexccdf_org.ssgproject.content_rule_sudo_custom_logfile lowCCE-91311-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure Sudo Logfile Exists - sudo logfile</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sudo_custom_logfile</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sudo_custom_logfile:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91311-1">CCE-91311-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.3.3</a></p></td></tr><tr><td>Description</td><td><div class="description">A custom log sudo file can be configured with the 'logfile' tag. This rule configures
a sudo custom logfile at the default location suggested by CIS, which uses
/var/log/sudo.log.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">A sudo log file simplifies auditing of sudo commands.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">logfile exists in /etc/sudoers or /etc/sudoers.d/</span>Â 
        <span class="label label-default">oval:ssg-test_logfile_sudoers:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/sudoers</td><td>Defaults logfile=/var/log/sudo.log</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-detail-id34298"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled In Main zypper Configurationxccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated highCCE-83290-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled In Main zypper Configuration</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-ensure_gpgcheck_globally_activated:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83290-7">CCE-83290-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R15)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI06.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SA-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SA-12(10)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-11(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-11(b)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-8</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FPT_TUD_EXT.1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FPT_TUD_EXT.2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-6.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">6.3.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000366-GPOS-00153</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010430</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.2.3</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234852r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>gpgcheck</code> option controls whether
RPM packages' signatures are always checked prior to installation.
To configure zypper to check package signatures before installing
them, ensure the following line appears in <code>/etc/zypp/zypp.conf</code> in
the <code>[main]</code> section:
<pre>gpgcheck=1</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Changes to any software components can have significant effects on the
overall security of the operating system. This requirement ensures the
software has not been tampered with and that it has been provided by a
trusted vendor.
<br>
Accordingly, patches, service packs, device drivers, or operating system
components must be signed with a certificate recognized and approved by the
organization.
<br>Verifying the authenticity of the software prior to installation
validates the integrity of the patch or upgrade received from a vendor.
This ensures the software has not been tampered with and that it has been
provided by a trusted vendor. Self-signed certificates are disallowed by
this requirement. Certificates used to verify the software must be from an
approved Certificate Authority (CA).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check value of gpgcheck in /etc/zypp/zypp.conf</span>Â 
        <span class="label label-default">oval:ssg-test_ensure_gpgcheck_globally_activated:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/zypp/zypp.conf</td><td>gpgcheck = 1
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-detail-id34299"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Modify the System Login Bannerxccdf_org.ssgproject.content_rule_banner_etc_issue mediumCCE-83262-6 </div><div class="panel-heading"><h3 class="panel-title">Modify the System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_banner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-banner_etc_issue:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83262-6">CCE-83262-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000048</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000050</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001384</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001385</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001386</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001387</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001388</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000023-GPOS-00006</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000228-GPOS-00088</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010020</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234803r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
To configure the system login banner edit <code>/etc/issue</code>. Replace the
default text with a message compliant with the local site policy or a legal
disclaimer.


The DoD required text is either:
<br><br>
<code>You are accessing a U.S. Government (USG) Information System (IS) that
is provided for USG-authorized use only. By using this IS (which includes
any device attached to this IS), you consent to the following conditions:
<br>-The USG routinely intercepts and monitors communications on this IS
for purposes including, but not limited to, penetration testing, COMSEC
monitoring, network operations and defense, personnel misconduct (PM), law
enforcement (LE), and counterintelligence (CI) investigations.
<br>-At any time, the USG may inspect and seize data stored on this IS.
<br>-Communications using, or data stored on, this IS are not private,
are subject to routine monitoring, interception, and search, and may be
disclosed or used for any USG-authorized purpose.
<br>-This IS includes security measures (e.g., authentication and access
controls) to protect USG interests -- not for your personal benefit or
privacy.
<br>-Notwithstanding the above, using this IS does not constitute consent
to PM, LE or CI investigative searching or monitoring of the content of
privileged communications, or work product, related to personal
representation or services by attorneys, psychotherapists, or clergy, and
their assistants. Such communications and work product are private and
confidential. See User Agreement for details.</code>
<br><br>
OR:
<br><br>
<code>I've read &amp; consent to terms in IS user agreem't.</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.
<br><br>
System use notifications are required only for access via login interfaces
with human users and are not required when such human interfaces do not
exist.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">correct banner in /etc/issue</span>Â 
        <span class="label label-default">oval:ssg-test_banner_etc_issue:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/issue.d/99-oscap-setting</td><td>Authorized uses only. All activity may be monitored and reported.
</td></tr><tr><td>/etc/issue.d/80-hostinfo-00-space</td><td>
</td></tr><tr><td>/etc/issue.d/00-OS</td><td>
</td></tr><tr><td>/etc/issue.d/90-OS</td><td>
</td></tr><tr><td>/etc/issue</td><td>

Welcome to SUSE Linux Enterprise Server 15 SP5  (x86_64) - Kernel \r (\l).

eth0: \4{eth0} \6{eth0}

Current As Of:            Tue Oct 10 09:40:42 2023
Network Interfaces
 eth0:                    (Unconfigured)



Authorized uses only. All activity may be monitored and reported.
</td></tr><tr><td>/etc/issue.d/80-hostinfo-02-date</td><td>Current As Of:            Tue Oct 10 09:40:42 2023
</td></tr><tr><td>/etc/issue.d/80-hostinfo-06-network</td><td>Network Interfaces
 eth0:                    (Unconfigured)
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_banner_etc_motd" id="rule-detail-id34300"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Modify the System Message of the Day Bannerxccdf_org.ssgproject.content_rule_banner_etc_motd mediumCCE-91349-1 </div><div class="panel-heading"><h3 class="panel-title">Modify the System Message of the Day Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_banner_etc_motd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-banner_etc_motd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91349-1">CCE-91349-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.1</a></p></td></tr><tr><td>Description</td><td><div class="description">To configure the system message banner edit <code>/etc/motd</code>. Replace the
default text with a message compliant with the local site policy or a legal
disclaimer.

The DoD required text is either:
<br><br>
<code>You are accessing a U.S. Government (USG) Information System (IS) that
is provided for USG-authorized use only. By using this IS (which includes
any device attached to this IS), you consent to the following conditions:
<br>-The USG routinely intercepts and monitors communications on this IS
for purposes including, but not limited to, penetration testing, COMSEC
monitoring, network operations and defense, personnel misconduct (PM), law
enforcement (LE), and counterintelligence (CI) investigations.
<br>-At any time, the USG may inspect and seize data stored on this IS.
<br>-Communications using, or data stored on, this IS are not private,
are subject to routine monitoring, interception, and search, and may be
disclosed or used for any USG-authorized purpose.
<br>-This IS includes security measures (e.g., authentication and access
controls) to protect USG interests -- not for your personal benefit or
privacy.
<br>-Notwithstanding the above, using this IS does not constitute consent
to PM, LE or CI investigative searching or monitoring of the content of
privileged communications, or work product, related to personal
representation or services by attorneys, psychotherapists, or clergy, and
their assistants. Such communications and work product are private and
confidential. See User Agreement for details.</code>
<br><br>
OR:
<br><br>
<code>I've read &amp; consent to terms in IS user agreem't.</code></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.
<br><br>
System use notifications are required only for access via login interfaces
with human users and are not required when such human interfaces do not
exist.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">correct banner in /etc/motd</span>Â 
        <span class="label label-default">oval:ssg-test_banner_etc_motd:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/motd</td><td>Authorized uses only. All activity may be monitored and reported.
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue" id="rule-detail-id34301"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Group Ownership of System Login Bannerxccdf_org.ssgproject.content_rule_file_groupowner_etc_issue mediumCCE-91355-8 </div><div class="panel-heading"><h3 class="panel-title">Verify Group Ownership of System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_groupowner_etc_issue:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91355-8">CCE-91355-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the group owner of <code>/etc/issue</code>, run the command:
<pre>$ sudo chgrp root /etc/issue</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.<br>
Proper group ownership will ensure that only root user can modify the banner.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing group ownership of /etc/issue.d/</span>Â 
        <span class="label label-default">oval:ssg-test_file_groupowner_etc_issue_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/issue.d/">oval:ssg-object_file_groupowner_etc_issue_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Behaviors</th><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>no value</td><td>/etc/issue.d</td><td>^.*$</td><td>oval:ssg-symlink_file_groupowner_etc_issue_uid_0:ste:1</td><td>oval:ssg-state_file_groupowner_etc_issue_gid_0_0:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_owner_etc_issue" id="rule-detail-id34302"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify ownership of System Login Bannerxccdf_org.ssgproject.content_rule_file_owner_etc_issue mediumCCE-91356-6 </div><div class="panel-heading"><h3 class="panel-title">Verify ownership of System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_owner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_owner_etc_issue:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91356-6">CCE-91356-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.8.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the owner of <code>/etc/issue</code>, run the command:
<pre>$ sudo chown root /etc/issue </pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.<br>
Proper ownership will ensure that only root user can modify the banner.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing user ownership of /etc/issue.d/</span>Â 
        <span class="label label-default">oval:ssg-test_file_owner_etc_issue_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/issue.d/">oval:ssg-object_file_owner_etc_issue_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Behaviors</th><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>no value</td><td>/etc/issue.d</td><td>^.*$</td><td>oval:ssg-symlink_file_owner_etc_issue_uid_0:ste:1</td><td>oval:ssg-state_file_owner_etc_issue_uid_0_0:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember" id="rule-detail-id34303"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Limit Password Reusexccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember mediumCCE-91398-8 </div><div class="panel-heading"><h3 class="panel-title">Limit Password Reuse</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_password_pam_pwhistory_remember:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91398-8">CCE-91398-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000200</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000077-GPOS-00045</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.3</a></p></td></tr><tr><td>Description</td><td><div class="description">Do not allow users to reuse recent passwords. This can be
accomplished by using the <code>remember</code> option for the
<code>pam_pwhistory</code> PAM modules.
<br><br>
In the file <code>/etc/pam.d/common-password</code>, make sure the parameters
<code>remember</code> and <code>use_authtok</code> are present, and that the value
for the <code>remember</code> parameter is <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_remember">5</abbr> or greater. For example:
<pre>password requisite pam_pwhistory.so <i>...existing_options...</i> remember=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_remember">5</abbr> use_authtok</pre>
The DoD STIG requirement is 5 passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Preventing re-use of previous passwords helps ensure that a compromised password is not re-used by a user.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify remember configuation of pam_pwhistory.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_pwhistory_remember:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password requisite pam_pwhistory.so remember=5  use_authtok</td></tr></tbody></table><h4><span class="label label-primary">Verify use_authtok configuation of pam_pwhistory.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_pwhistory_use_authtok:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password requisite pam_pwhistory.so remember=5  use_authtok
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay" id="rule-detail-id34304"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enforce Delay After Failed Logon Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay mediumCCE-85619-5 </div><div class="panel-heading"><h3 class="panel-title">Enforce Delay After Failed Logon Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faildelay_delay</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_passwords_pam_faildelay_delay:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85619-5">CCE-85619-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00226</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234982r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To configure the system to introduce a delay after failed logon attempts,
add or correct the <code>pam_faildelay</code> settings in
<code>/etc/pam.d/common-auth</code> to make sure its <code>delay</code> parameter
is at least <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_delay">4000000</abbr> or greater. For example:
<pre>auth required pam_faildelay.so delay=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_delay">4000000</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Limiting the number of logon attempts over a certain time interval reduces
the chances that an unauthorized user may gain access to an account.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify delay configuation of pam_faildelay.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_auth_pam_faildelay_delay:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-auth</td><td>auth required pam_faildelay.so delay=4000000
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2" id="rule-detail-id34305"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Deny For Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2 mediumCCE-85554-4 </div><div class="panel-heading"><h3 class="panel-title">Set Deny For Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_passwords_pam_tally2:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85554-4">CCE-85554-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000044</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.6</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000021-GPOS-00005</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020010</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234867r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The SUSE Linux Enterprise 15 operating system must lock an account after - at most - <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_tally2">5</abbr>
consecutive invalid access attempts.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">By limiting the number of failed logon attempts, the risk of unauthorized
system access via user password guessing, otherwise known as brute-force
attacks, is reduced. Limits are imposed by locking the account.

To configure the operating system to lock an account after three
unsuccessful consecutive access attempts using <code>pam_tally2.so</code>,
modify the content of both <code>/etc/pam.d/login</code> and
<code>/etc/pam.d/common-account</code> as follows:
<br><br>
<ul><li> add or modify the <code>pam_tally2.so</code> module line in
<code>/etc/pam.d/login</code> to ensure both <code>onerr=fail</code> and
<code>deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_tally2">5</abbr></code> are present. For example:
<pre>auth required pam_tally2.so onerr=fail silent audit deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_tally2">5</abbr></pre></li><li> add or modify the following line in <code>/etc/pam.d/common-account</code>:
<pre>account required pam_tally2.so</pre></li></ul></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify deny configuation of pam_tally2</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_passwords_pam_tally2_deny_auth:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/login</td><td>auth    required    pam_tally2.so deny=5 onerr=fail
</td></tr></tbody></table><h4><span class="label label-primary">Verify deny configuation of pam_tally2_account</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_passwords_pam_tally2_deny_account:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-account</td><td>account    required    pam_tally2.so </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit" id="rule-detail-id34306"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Digit Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit mediumCCE-85564-3 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Digit Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_dcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_dcredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85564-3">CCE-85564-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000194</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000071-GPOS-00039</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234884r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>dcredit</code> parameter controls requirements
for usage of digits in a password. When set to a negative number, any
password will be required to contain that many digits. When set to a
positive number, pam_cracklib will grant +1 additional length credit for
each digit. Add <code>dcredit=-1</code> after pam_cracklib.so to require use of
a digit in passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring digits makes password guessing attacks more difficult by ensuring
a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify dcredit configuation of pam_cracklib.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_dcredit:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok" id="rule-detail-id34307"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Different Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok mediumCCE-85677-3 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Different Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_difok</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_difok:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85677-3">CCE-85677-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000195</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(b)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000072-GPOS-00040</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020160</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234885r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>difok</code> parameter controls requirements for
usage of different characters during a password change. The number of
changed characters refers to the number of changes required with respect to
the total number of positions in the current password. In other words,
characters may be the same within the two passwords; however, the positions
of the like characters must be different.
Make sure the <code>difok</code> parameter for the pam_cracklib module is
configured to greater than or equal to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_difok">8</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of different characters during password changes
ensures that newly changed passwords should not resemble previously
compromised ones. Note that passwords which are changed on compromised
systems will still be compromised, however.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify difok configuation of pam_cracklib.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_difok:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit" id="rule-detail-id34308"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Lowercase Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit mediumCCE-85676-5 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Lowercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_lcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_lcredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85676-5">CCE-85676-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000193</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000070-GPOS-00038</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020140</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234883r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>lcredit=</code> parameter controls requirements
for usage of lowercase letters in a password. When set to a negative
number, any password will be required to contain that many lowercase
characters. When set to a positive number, pam_cracklib will grant +1
additional length credit for each lowercase character.
Add <code>lcredit=-1</code> after pam_cracklib.so to require use of a
lowercase character in passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of lowercase characters makes password guessing
attacks more difficult by ensuring a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify lcredit configuation of pam_cracklib.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_lcredit:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen" id="rule-detail-id34309"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Minimum Lengthxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen mediumCCE-85573-4 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Length</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_minlen</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_minlen:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85573-4">CCE-85573-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000205</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000078-GPOS-00046</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020260</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234895r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>minlen</code> parameter controls requirements for
minimum characters required in a password. Add <code>minlen=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_minlen">15</abbr></code>
 to set minimum password length requirements.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Password length is one factor of several that helps to determine
strength and how long it takes to crack a password. Use of more characters in
a password helps to exponentially increase the time and/or resources
required to compromise the password.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify minlen configuation of pam_cracklib.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_minlen:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit" id="rule-detail-id34310"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Special Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit mediumCCE-85574-2 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Special Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ocredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_ocredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85574-2">CCE-85574-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-001619</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(v)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000266-GPOS-00101</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020270</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234896r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>ocredit=</code> parameter controls requirements
for usage of special (or ``other'') characters in a password. When set to a
negative number, any password will be required to contain that many special
characters. When set to a positive number, pam_cracklib will grant +1
additional length credit for each special character.
Make sure the <code>ocredit</code> parameter for the pam_cracklib module is
set to less than or equal to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_ocredit">-1</abbr></code>. For example, <code>ocredit=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_ocredit">-1</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of special characters makes password guessing
attacks more difficult by ensuring a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify ocredit configuation of pam_cracklib.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_ocredit:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry" id="rule-detail-id34311"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Retry Limitxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry mediumCCE-85575-9 </div><div class="panel-heading"><h3 class="panel-title">Set Password Retry Limit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_retry</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_retry:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85575-9">CCE-85575-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.6</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00225</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234897r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>retry</code> parameter controls the maximum
number of times to prompt the user for the password before returning
with error. Make sure it is configured with a value that is no more than
<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_retry">3</abbr>. For example, <code>retry=1</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">To reduce opportunities for successful guesses and brute-force attacks.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify retry configuation of pam_cracklib.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_retry:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 
password	required	pam_unix.so	use_authtok nullok shadow try_first_pass  sha512</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit" id="rule-detail-id34312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Uppercase Charactersxccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit mediumCCE-85675-7 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Uppercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-cracklib_accounts_password_pam_ucredit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85675-7">CCE-85675-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000192</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000069-GPOS-00037</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020130</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.3.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234882r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The pam_cracklib module's <code>ucredit=</code> parameter controls requirements
for usage of uppercase letters in a password. When set to a negative
number, any password will be required to contain that many uppercase
characters. When set to a positive number, pam_cracklib will grant +1
additional length credit for each uppercase character.
Add <code>ucredit=-1</code> after pam_cracklib.so to require use of an upper
case character in passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Requiring a minimum number of uppercase characters makes password guessing
attacks more difficult by ensuring a larger search space.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify ucredit configuation of pam_cracklib.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_password_pam_cracklib_ucredit:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	requisite	pam_cracklib.so minlen=15 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=3	 difok=8  retry=3 </td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth" id="rule-detail-id34313"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set PAM's Common Authentication Hashing Algorithmxccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth mediumCCE-85754-0 </div><div class="panel-heading"><h3 class="panel-title">Set PAM's Common Authentication Hashing Algorithm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_commonauth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-set_password_hashing_algorithm_commonauth:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85754-0">CCE-85754-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-7.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a></p></td></tr><tr><td>Description</td><td><div class="description">The PAM system service can be configured to only store encrypted
representations of passwords. In
<code>/etc/pam.d/common-auth</code>,
the
<code>auth</code> section of the file controls which PAM modules execute
during a password change. Set the <code>pam_unix.so</code> module in the
<code>auth</code> section to include the argument <code>sha512</code>, as shown
below:
<br>
<pre>auth   required    pam_unix.so sha512 <i>other arguments...</i></pre>
<br>
This will help ensure when local users change their authentication method,
hashes for the new authentications will be generated using the SHA-512
algorithm. This is the default.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unapproved mechanisms used for authentication to the cryptographic module
are not verified and therefore cannot be relied on to provide
confidentiality or integrity, and data may be compromised.
This setting ensures user and group account administration utilities are
configured to store only encrypted representations of passwords.
Additionally, the <code>crypt_style</code> configuration option ensures the use
of a strong hashing algorithm that makes password cracking attacks more
difficult.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify sha512 configuation of pam_unix.so</span>Â 
        <span class="label label-default">oval:ssg-test_pam_auth_pam_unix_sha512:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-auth</td><td>auth	required	pam_unix.so	try_first_pass  sha512
auth required pam_faildelay.so delay=4000000
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth" id="rule-detail-id34314"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set PAM''s Password Hashing Algorithmxccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth mediumCCE-85565-0 </div><div class="panel-heading"><h3 class="panel-title">Set PAM''s Password Hashing Algorithm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-set_password_hashing_algorithm_systemauth:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85565-0">CCE-85565-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R32)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.2</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000196</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0418</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1055</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1402</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000073-GPOS-00041</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020170</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234886r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The PAM system service can be configured to only store encrypted
representations of passwords. In "/etc/pam.d/common-password", the
<code>password</code> section of the file controls which PAM modules execute
during a password change. Set the <code>pam_unix.so</code> module in the
<code>password</code> section to include the argument <code>sha512</code>, as shown
below:
<br>

<pre>password    required    pam_unix.so sha512 <i>other arguments...</i></pre>

<br>
This will help ensure when local users change their passwords, hashes for
the new passwords will be generated using the SHA-512 algorithm. This is
the default.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Passwords need to be protected at all times, and encryption is the standard
method for protecting passwords. If passwords are not encrypted, they can
be plainly read (i.e., clear text) and easily compromised. Passwords that
are encrypted with a weak algorithm are no more protected than if they are
kepy in plain text.
<br><br>
This setting ensures user and group account administration utilities are
configured to store only encrypted representations of passwords.
Additionally, the <code>crypt_style</code> configuration option ensures the use
of a strong hashing algorithm that makes password cracking attacks more
difficult.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check /etc/pam.d/system-auth for correct settings</span>Â 
        <span class="label label-default">oval:ssg-test_pam_unix_sha512:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/common-password</td><td>password	required	pam_unix.so	use_authtok nullok shadow try_first_pass  sha512</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_display_login_attempts" id="rule-detail-id34315"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure PAM Displays Last Logon/Access Notificationxccdf_org.ssgproject.content_rule_display_login_attempts lowCCE-85560-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure PAM Displays Last Logon/Access Notification</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_display_login_attempts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-display_login_attempts:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85560-1">CCE-85560-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000052</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0582</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0584</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">05885</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0586</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0846</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0957</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-9(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020080</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234873r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To configure the system to notify users of last logon/access
using <code>pam_lastlog</code>, add or correct the <code>pam_lastlog</code>
settings in
<code>/etc/pam.d/login</code> to read as follows:
<pre>session     required pam_lastlog.so showfailed</pre>
And make sure that the <code>silent</code> option is not set for
<code>pam_lastlog</code> module.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Users need to be aware of activity that occurs regarding
their account. Providing users with information regarding the number
of unsuccessful attempts that were made to login to their account
allows the user to determine if any unauthorized activity has occurred
and gives them an opportunity to notify administrators.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Check the pam_lastlog configuration</span>Â 
        <span class="label label-default">oval:ssg-test_display_login_attempts:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam.d/login</td><td>session     required    pam_lastlog.so showfailed
</td></tr></tbody></table><h4><span class="label label-primary">Forbid 'silent' option for pam_lastlog</span>Â 
        <span class="label label-default">oval:ssg-test_display_login_attempts_silent:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_display_login_attempts_silent:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/pam.d/login</td><td>^\s*session\s+.*\s+pam_lastlog\.so(?:\s+[\w=]+)*\s+silent(\s|$)</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_smartcard_configure_ca" id="rule-detail-id34316"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure Smart Card Certificate Authority Validationxccdf_org.ssgproject.content_rule_smartcard_configure_ca mediumCCE-83272-5 </div><div class="panel-heading"><h3 class="panel-title">Configure Smart Card Certificate Authority Validation</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_smartcard_configure_ca</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-smartcard_configure_ca:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83272-5">CCE-83272-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000185</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001991</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000066-GPOS-00034</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000384-GPOS-00167</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010170</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234817r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure the operating system to do certificate status checking for PKI
authentication. Modify all of the <code>cert_policy</code> lines in
<code>/etc/pam_pkcs11/pam_pkcs11.conf</code> to include <code>ca</code> like so:
<pre>cert_policy = ca, ocsp_on, signature;</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Using an authentication device, such as a CAC or token that is separate from
the information system, ensures that even if the information system is
compromised, that compromise will not affect credentials stored on the
authentication device.
<br><br>
Multifactor solutions that require devices separate from
information systems gaining access include, for example, hardware tokens
providing time-based or challenge-response authenticators and smart cards such
as the U.S. Government Personal Identity Verification card and the DoD Common
Access Card.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package pam_pkcs11 is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pam_pkcs11_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pam_pkcs11</td><td>x86_64</td><td>(none)</td><td>1.17</td><td>0.6.10</td><td>0:0.6.10-1.17</td><td>70af9e8139db7c82</td><td>pam_pkcs11-0:0.6.10-1.17.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_mozilla-nss_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss-tools is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_mozilla-nss-tools_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss-tools</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-tools-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-ccid is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pcsc-ccid_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-ccid</td><td>x86_64</td><td>(none)</td><td>150400.1.5</td><td>1.4.36</td><td>0:1.4.36-150400.1.5</td><td>70af9e8139db7c82</td><td>pcsc-ccid-0:1.4.36-150400.1.5.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-lite is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pcsc-lite_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-lite</td><td>x86_64</td><td>(none)</td><td>150400.1.9</td><td>1.9.4</td><td>0:1.9.4-150400.1.9</td><td>70af9e8139db7c82</td><td>pcsc-lite-0:1.9.4-150400.1.9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-tools is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pcsc-tools_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-tools</td><td>x86_64</td><td>(none)</td><td>150400.1.6</td><td>1.5.8</td><td>0:1.5.8-150400.1.6</td><td>70af9e8139db7c82</td><td>pcsc-tools-0:1.5.8-150400.1.6.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package opensc is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_opensc_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>opensc</td><td>x86_64</td><td>(none)</td><td>150400.3.3.1</td><td>0.22.0</td><td>0:0.22.0-150400.3.3.1</td><td>70af9e8139db7c82</td><td>opensc-0:0.22.0-150400.3.3.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Test ca in /etc/pam_pkcs11/pkcs11.conf</span>Â 
        <span class="label label-default">oval:ssg-test_pam_pkcs11_cert_policy_ca:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking" id="rule-detail-id34317"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure Smart Card Certificate Status Checkingxccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking mediumCCE-83293-1 </div><div class="panel-heading"><h3 class="panel-title">Configure Smart Card Certificate Status Checking</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_smartcard_configure_cert_checking</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-smartcard_configure_cert_checking:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83293-1">CCE-83293-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-001948</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001953</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001954</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000375-GPOS-00160</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000376-GPOS-00161</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000377-GPOS-00162</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000384-GPOS-00167</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010470</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234855r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure the operating system to do certificate status checking for PKI
authentication. Modify all of the <code>cert_policy</code> lines in
<code>/etc/pam_pkcs11/pam_pkcs11.conf</code> to include <code>ocsp_on</code> like so:
<pre>cert_policy = ca, ocsp_on, signature;</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Using an authentication device, such as a CAC or token that is separate from
the information system, ensures that even if the information system is
compromised, that compromise will not affect credentials stored on the
authentication device.
<br><br>
Multifactor solutions that require devices separate from
information systems gaining access include, for example, hardware tokens
providing time-based or challenge-response authenticators and smart cards such
as the U.S. Government Personal Identity Verification card and the DoD Common
Access Card.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package pam_pkcs11 is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pam_pkcs11_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pam_pkcs11</td><td>x86_64</td><td>(none)</td><td>1.17</td><td>0.6.10</td><td>0:0.6.10-1.17</td><td>70af9e8139db7c82</td><td>pam_pkcs11-0:0.6.10-1.17.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_mozilla-nss_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package mozilla-nss-tools is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_mozilla-nss-tools_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>mozilla-nss-tools</td><td>x86_64</td><td>(none)</td><td>150400.3.32.1</td><td>3.90</td><td>0:3.90-150400.3.32.1</td><td>70af9e8139db7c82</td><td>mozilla-nss-tools-0:3.90-150400.3.32.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-ccid is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pcsc-ccid_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-ccid</td><td>x86_64</td><td>(none)</td><td>150400.1.5</td><td>1.4.36</td><td>0:1.4.36-150400.1.5</td><td>70af9e8139db7c82</td><td>pcsc-ccid-0:1.4.36-150400.1.5.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-lite is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pcsc-lite_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-lite</td><td>x86_64</td><td>(none)</td><td>150400.1.9</td><td>1.9.4</td><td>0:1.9.4-150400.1.9</td><td>70af9e8139db7c82</td><td>pcsc-lite-0:1.9.4-150400.1.9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package pcsc-tools is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_pcsc-tools_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>pcsc-tools</td><td>x86_64</td><td>(none)</td><td>150400.1.6</td><td>1.5.8</td><td>0:1.5.8-150400.1.6</td><td>70af9e8139db7c82</td><td>pcsc-tools-0:1.5.8-150400.1.6.x86_64</td></tr></tbody></table><h4><span class="label label-primary">package opensc is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_opensc_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>opensc</td><td>x86_64</td><td>(none)</td><td>150400.3.3.1</td><td>0.22.0</td><td>0:0.22.0-150400.3.3.1</td><td>70af9e8139db7c82</td><td>opensc-0:0.22.0-150400.3.3.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Test ocsp_on in /etc/pam_pkcs11/pam_pkcs11.conf</span>Â 
        <span class="label label-default">oval:ssg-test_pam_pkcs11_all_cert_policy_ocsp_on:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr><tr><td>/etc/pam_pkcs11/pam_pkcs11.conf</td><td>    cert_policy = ca, ocsp_on, signature;</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="rule-detail-id34318"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Ctrl-Alt-Del Burst Actionxccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction highCCE-85665-8 </div><div class="panel-heading"><h3 class="panel-title">Disable Ctrl-Alt-Del Burst Action</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-disable_ctrlaltdel_burstaction:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85665-8">CCE-85665-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040062</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234990r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
key sequence is pressed Ctrl-Alt-Delete more than 7 times in 2 seconds.
<br><br>
To configure the system to ignore the <code>CtrlAltDelBurstAction</code>

setting, add or modify the following to <code>/etc/systemd/system.conf</code>:
<pre>CtrlAltDelBurstAction=none</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">A locally logged-in user who presses Ctrl-Alt-Del, when at the console,
can reboot the system. If accidentally pressed, as could happen in
the case of mixed OS environment, this can create the risk of short-term
loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Disabling the <code>Ctrl-Alt-Del</code> key sequence
in <code>/etc/init/control-alt-delete.conf</code> DOES NOT disable the <code>Ctrl-Alt-Del</code>
key sequence if running in <code>runlevel 6</code> (e.g. in GNOME, KDE, etc.)! The
<code>Ctrl-Alt-Del</code> key sequence will only be disabled if running in
the non-graphical <code>runlevel 3</code>.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check if CtrlAltDelBurstAction is set to none</span>Â 
        <span class="label label-default">oval:ssg-test_disable_ctrlaltdel_burstaction:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/systemd/system.conf</td><td>CtrlAltDelBurstAction=none</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" id="rule-detail-id34319"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Account Expiration Following Inactivityxccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration mediumCCE-85558-5 </div><div class="panel-heading"><h3 class="panel-title">Set Account Expiration Following Inactivity</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-account_disable_post_pw_expiration:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85558-5">CCE-85558-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1.1</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000017</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000795</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-4(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000118-GPOS-00060</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020050</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.5</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234871r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To specify the number of days after a password expires (which
signifies inactivity) until an account is permanently disabled, add or correct
the following line in <code>/etc/default/useradd</code>:
<pre>INACTIVE=<i><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration">35</abbr></i></pre>
If a password is currently on the verge of expiration, then
<code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration">35</abbr></code>
day(s) remain(s) until the account is automatically
disabled. However, if the password will not expire for another 60 days, then 60
days plus <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration">35</abbr></code> day(s) could
elapse until the account would be automatically disabled. See the
<code>useradd</code> man page for more information.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system.
Disabling inactive accounts ensures that accounts which may not have been responsibly removed are not available to attackers who may have compromised their credentials.
Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">the value INACTIVE parameter should be set appropriately in /etc/default/useradd</span>Â 
        <span class="label label-default">oval:ssg-test_etc_default_useradd_inactive:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/default/useradd</td><td>INACTIVE=35</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" id="rule-detail-id34320"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Maximum Agexccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs mediumCCE-85570-0 </div><div class="panel-heading"><h3 class="panel-title">Set Password Maximum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_maximum_age_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85570-0">CCE-85570-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000199</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0418</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1055</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1402</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000076-GPOS-00044</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020220</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234891r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To specify password maximum age for new accounts,
edit the file <code>/etc/login.defs</code>
and add or correct the following line:
<pre>PASS_MAX_DAYS <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr></pre>
A value of 180 days is sufficient for many environments.
The DoD requirement is 60.
The profile requirement is <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Any password, no matter how complex, can eventually be cracked. Therefore, passwords
need to be changed periodically. If the operating system does not limit the lifetime
of passwords and force users to change their passwords, there is the risk that the
operating system passwords could be compromised.
<br><br>
Setting the password maximum age ensures users are required to
periodically change their passwords. Requiring shorter password lifetimes
increases the risk of users writing down the password in a convenient
location subject to physical compromise.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">The value of PASS_MAX_DAYS should be set appropriately in /etc/login.defs</span>Â 
        <span class="label label-default">oval:ssg-test_pass_max_days:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-variable_last_pass_max_days_instance_value:var:1</td><td>60</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" id="rule-detail-id34321"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Minimum Agexccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs mediumCCE-85720-1 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_minimum_age_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85720-1">CCE-85720-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1.1</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000198</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0418</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1055</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1402</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.3.9</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000075-GPOS-00043</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020200</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.3</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234889r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To specify password minimum age for new accounts,
edit the file <code>/etc/login.defs</code>
and add or correct the following line:
<pre>PASS_MIN_DAYS <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr></pre>
A value of 1 day is considered sufficient for many
environments. The DoD requirement is 1.
The profile requirement is <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Enforcing a minimum password lifetime helps to prevent repeated password
changes to defeat the password reuse or history enforcement requirement. If
users are allowed to immediately and continually change their password,
then the password could be repeatedly changed in a short period of time to
defeat the organization's policy regarding password reuse.
<br><br>
Setting the minimum password age protects against users cycling back to a
favorite password after satisfying the password reuse requirement.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">The value of PASS_MIN_DAYS should be set appropriately in /etc/login.defs</span>Â 
        <span class="label label-default">oval:ssg-test_pass_min_days:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-variable_last_pass_min_days_instance_value:var:1</td><td>7</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing" id="rule-detail-id34322"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Existing Passwords Maximum Agexccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing mediumCCE-85571-8 </div><div class="panel-heading"><h3 class="panel-title">Set Existing Passwords Maximum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_password_set_max_life_existing:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85571-8">CCE-85571-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000199</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000076-GPOS-00044</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020230</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234892r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure non-compliant accounts to enforce a <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr>-day maximum password lifetime
restriction by running the following command:
<pre>$ sudo chage -M <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr> <i>USER</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Any password, no matter how complex, can eventually be cracked. Therefore,
passwords need to be changed periodically. If the operating system does
not limit the lifetime of passwords and force users to change their
passwords, there is the risk that the operating system passwords could be
compromised.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34453" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34453"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: XCCDF Value var_accounts_maximum_age_login_defs # promote to variable
  set_fact:
    var_accounts_maximum_age_login_defs: !!str <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr>
  tags:
    - always

- name: Collect users with not correct maximum time period between password changes
  ansible.builtin.command:
    cmd: awk -F':' '(/^[^:]+:[^!*]/ &amp;&amp; ($5 &gt; {{ var_accounts_maximum_age_login_defs
      }} || $5 == "")) {print $1}' /etc/shadow
  register: user_names
  tags:
  - CCE-85571-8
  - DISA-STIG-SLES-15-020230
  - NIST-800-53-CM-6(a)
  - NIST-800-53-IA-5(1)(d)
  - NIST-800-53-IA-5(f)
  - accounts_password_set_max_life_existing
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy

- name: Change the maximum time period between password changes
  ansible.builtin.command:
    cmd: passwd -q -x {{ var_accounts_maximum_age_login_defs }} {{ item }}
  with_items: '{{ user_names.stdout_lines }}'
  when: user_names.stdout_lines | length &gt; 0
  tags:
  - CCE-85571-8
  - DISA-STIG-SLES-15-020230
  - NIST-800-53-CM-6(a)
  - NIST-800-53-IA-5(1)(d)
  - NIST-800-53-IA-5(f)
  - accounts_password_set_max_life_existing
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy
</code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34454" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34454"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>
var_accounts_maximum_age_login_defs='<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs">60</abbr>'


while IFS= read -r i; do
    
    passwd -q -x $var_accounts_maximum_age_login_defs $i

done &lt;   &lt;(awk -v var="$var_accounts_maximum_age_login_defs" -F: '(/^[^:]+:[^!*]/ &amp;&amp; ($5 &gt; var || $5 == "")) {print $1}' /etc/shadow)
</code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_password_set_max_life_existing_password_max_life_existing:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
</td></tr></tbody></table><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_password_set_max_life_existing_password_max_life_existing_minimum:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
</td></tr></tbody></table><h4><span class="label label-primary">Passwords must have the maximum password age set non-empty in /etc/shadow.</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_password_set_max_life_existing_password_max_life_not_empty:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>root:$6$I.FmW36kPW.qLFcU$EB6aMvDmjklnyTxbT6gq8uniBa5hZJOqp1feBDeZaO3vJeaRYtoVAah81VD7sZzFd73DUJX1743uaRN3/zjFF.:19640::::::</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing" id="rule-detail-id34323"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Existing Passwords Minimum Agexccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing mediumCCE-85710-2 </div><div class="panel-heading"><h3 class="panel-title">Set Existing Passwords Minimum Age</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_password_set_min_life_existing:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85710-2">CCE-85710-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000198</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1).1(v)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000075-GPOS-00043</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020210</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.1.3</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234890r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure non-compliant accounts to enforce a 24 hours/1 day minimum password
lifetime by running the following command:
<pre>$ sudo chage -m 1 <i>USER</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Enforcing a minimum password lifetime helps to prevent repeated password
changes to defeat the password reuse or history enforcement requirement. If
users are allowed to immediately and continually change their password, the
password could be repeatedly changed in a short period of time to defeat the
organization's policy regarding password reuse.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34455" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34455"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: XCCDF Value var_accounts_minimum_age_login_defs # promote to variable
  set_fact:
    var_accounts_minimum_age_login_defs: !!str <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr>
  tags:
    - always

- name: Collect users with not correct minimum time period between password changes
  command: |
    awk -F':' '(/^[^:]+:[^!*]/ &amp;&amp; ($4 &lt; {{ var_accounts_minimum_age_login_defs }} || $4 == "")) {print $1}' /etc/shadow
  register: user_names
  tags:
  - CCE-85710-2
  - DISA-STIG-SLES-15-020210
  - NIST-800-53-IA-5(1).1(v)
  - accounts_password_set_min_life_existing
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy

- name: Change the minimum time period between password changes
  command: |
    passwd -q -n {{ var_accounts_minimum_age_login_defs }} {{ item }}
  with_items: '{{ user_names.stdout_lines }}'
  when: user_names.stdout_lines | length &gt; 0
  tags:
  - CCE-85710-2
  - DISA-STIG-SLES-15-020210
  - NIST-800-53-IA-5(1).1(v)
  - accounts_password_set_min_life_existing
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy
</code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34456" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34456"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>
var_accounts_minimum_age_login_defs='<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs">7</abbr>'


while IFS= read -r i; do
    
    passwd -q -n $var_accounts_minimum_age_login_defs $i

done &lt;   &lt;(awk -v var="$var_accounts_minimum_age_login_defs" -F: '(/^[^:]+:[^!*]/ &amp;&amp; ($4 &lt; var || $4 == "")) {print $1}' /etc/shadow)
</code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_password_set_min_life_existing_password_max_life_existing:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
</td></tr></tbody></table><h4><span class="label label-primary">Compares a specific field in /etc/shadow with a specific variable value</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_password_set_min_life_existing_password_max_life_existing_minimum:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>bernhard:$6$xx2Cr31XbegkY0Jx$V0Xhl7QjOftSdXq1k1ejZahmx8dhysx2KpX3IF/qHX1lQU2eVDFcAfua9sgvK.DoXs8UGi80YIbT2hFMNp4Ov0:19640:7:60:7:35::
</td></tr></tbody></table><h4><span class="label label-primary">Passwords must have the maximum password age set non-empty in /etc/shadow.</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_password_set_min_life_existing_password_max_life_not_empty:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>root:$6$I.FmW36kPW.qLFcU$EB6aMvDmjklnyTxbT6gq8uniBa5hZJOqp1feBDeZaO3vJeaRYtoVAah81VD7sZzFd73DUJX1743uaRN3/zjFF.:19640::::::</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_direct_root_logins" id="rule-detail-id34324"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Direct root Logins Not Allowedxccdf_org.ssgproject.content_rule_no_direct_root_logins mediumCCE-91427-5 </div><div class="panel-heading"><h3 class="panel-title">Direct root Logins Not Allowed</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-no_direct_root_logins:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91427-5">CCE-91427-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.5</a></p></td></tr><tr><td>Description</td><td><div class="description">To further limit access to the <code>root</code> account, administrators
can disable root logins at the console by editing the <code>/etc/securetty</code> file.
This file lists all devices the root user is allowed to login to. If the file does
not exist at all, the root user can login through any communication device on the
system, whether via the console or via a raw network interface. This is dangerous
as user can login to the system as root via Telnet, which sends the password in
plain text over the network. By default, SUSE Linux Enterprise 15's
<code>/etc/securetty</code> file only allows the root user to login at the console
physically attached to the system. To prevent root from logging in, remove the
contents of this file. To prevent direct root logins, remove the contents of this
file by typing the following command:
<pre>
$ sudo echo &gt; /etc/securetty
</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disabling direct root logins ensures proper accountability and multifactor
authentication to privileged accounts. Users will first login, then escalate
to privileged (root) access via su / sudo. This is required for FISMA Low
and FISMA Moderate systems.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                This rule only checks the <code>/etc/securetty</code> file existence and its content.
If you need to restrict user access using the <code>/etc/securetty</code> file, make sure
the <code>pam_securetty.so</code> PAM module is properly enabled in relevant PAM files.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">no entries in /etc/securetty</span>Â 
        <span class="label label-default">oval:ssg-test_no_direct_root_logins:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/securetty</td><td></td></tr></tbody></table><h4><span class="label label-primary">/etc/securetty file exists</span>Â 
        <span class="label label-default">oval:ssg-test_etc_securetty_exists:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/securetty</td><td></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs" id="rule-detail-id34325"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure the Default Umask is Set Correctly in login.defsxccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs mediumCCE-85659-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure the Default Umask is Set Correctly in login.defs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_umask_etc_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85659-1">CCE-85659-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R35)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00228</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040420</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.5</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-235030r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To ensure the default umask controlled by <code>/etc/login.defs</code> is set properly,
add or correct the <code>UMASK</code> setting in <code>/etc/login.defs</code> to read as follows:
<pre>UMASK <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_user_umask">027</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The umask value influences the permissions assigned to files when they are created.
A misconfigured umask value could result in files with excessive permissions that can be read and
written to by unauthorized users.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify the existence of var_accounts_user_umask_as_number variable</span>Â 
        <span class="label label-default">oval:ssg-test_existence_of_var_accounts_user_umask_as_number_variable:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_accounts_user_umask_umask_as_number:var:1</td><td>23</td></tr></tbody></table><h4><span class="label label-primary">Test the retrieved /etc/login.defs umask value(s) match the var_accounts_user_umask requirement</span>Â 
        <span class="label label-default">oval:ssg-tst_accounts_umask_etc_login_defs:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_etc_login_defs_umask_as_number:var:1</td><td>23</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile" id="rule-detail-id34326"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure the Default Umask is Set Correctly in /etc/profilexccdf_org.ssgproject.content_rule_accounts_umask_etc_profile mediumCCE-91216-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure the Default Umask is Set Correctly in /etc/profile</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_umask_etc_profile:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91216-2">CCE-91216-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R35)</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00228</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.5</a></p></td></tr><tr><td>Description</td><td><div class="description">To ensure the default umask controlled by <code>/etc/profile</code> is set properly,
add or correct the <code>umask</code> setting in <code>/etc/profile</code> to read as follows:
<pre>umask <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_user_umask">027</abbr></pre>

Note that <code>/etc/profile</code> also reads scrips within <code>/etc/profile.d</code> directory.
These scripts are also valid files to set umask value. Therefore, they should also be
considered during the check and properly remediated, if necessary.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The umask value influences the permissions assigned to files when they are created.
A misconfigured umask value could result in files with excessive permissions that can be read or
written to by unauthorized users.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify the existence of var_accounts_user_umask_as_number variable</span>Â 
        <span class="label label-default">oval:ssg-test_existence_of_var_accounts_user_umask_as_number_variable:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_accounts_user_umask_umask_as_number:var:1</td><td>23</td></tr></tbody></table><h4><span class="label label-primary">umask value(s) from profile configuration files match the requirement</span>Â 
        <span class="label label-default">oval:ssg-tst_accounts_umask_etc_profile:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_etc_profile_umask_as_number:var:1</td><td>23</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs" id="rule-detail-id34327"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Home Directories are Created for New Usersxccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs mediumCCE-85562-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure Home Directories are Created for New Users</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_have_homedir_login_defs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85562-7">CCE-85562-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020110</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234880r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">All local interactive user accounts, upon creation, should be assigned a home directory.
<br><br>
Configure the operating system to assign home directories to all new local interactive users by setting the <code>CREATE_HOME</code>
parameter in <code>/etc/login.defs</code> to <code>yes</code> as follows:
<br><br>
<pre>CREATE_HOME yes</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">If local interactive users are not assigned a valid home directory, there is no place
for the storage and control of files they should own.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Check value of CREATE_HOME in /etc/login.defs</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_have_homedir_login_defs:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/login.defs</td><td>CREATE_HOME yes
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-detail-id34328"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Interactive Session Timeoutxccdf_org.ssgproject.content_rule_accounts_tmout mediumCCE-83269-1 </div><div class="panel-heading"><h3 class="panel-title">Set Interactive Session Timeout</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_tmout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_tmout:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83269-1">CCE-83269-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R29)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000057</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002361</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.6.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000163-GPOS-00072</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000029-GPOS-00010</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010130</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.4.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234813r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Setting the <code>TMOUT</code> option in <code>/etc/profile</code> ensures that
all user sessions will terminate based on inactivity.
The value of TMOUT should be exported and read only.
The <code>TMOUT</code>

setting in <code>/etc/profile.d/autologout.sh</code> should read as follows:
<pre>TMOUT=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_tmout">900</abbr></pre>
readonly TMOUT
export TMOUT</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Terminating an idle session within a short time period reduces
the window of opportunity for unauthorized personnel to take control of a
management session enabled on the console or console port that has been
left unattended.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">TMOUT in /etc/profile</span>Â 
        <span class="label label-default">oval:ssg-test_etc_profile_tmout:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_etc_profile_tmout:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/profile</td><td>^[\s]*TMOUT=([\w$]+)[\s]*readonly TMOUT[\s]*export TMOUT$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">TMOUT in /etc/profile.d/*.sh</span>Â 
        <span class="label label-default">oval:ssg-test_etc_profiled_tmout:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/profile.d/autologout.sh</td><td>TMOUT=900
readonly TMOUT
export TMOUT</td></tr></tbody></table><h4><span class="label label-primary">Check that at least one TMOUT is defined</span>Â 
        <span class="label label-default">oval:ssg-test_accounts_tmout_defined:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-variable_count_of_tmout_instances:var:1</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_home_directories" id="rule-detail-id34329"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->All Interactive User Home Directories Must Have mode 0750 Or Less Permissivexccdf_org.ssgproject.content_rule_file_permissions_home_directories mediumCCE-85629-4 </div><div class="panel-heading"><h3 class="panel-title">All Interactive User Home Directories Must Have mode 0750 Or Less Permissive</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_home_directories</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_home_directories:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85629-4">CCE-85629-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040090</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">6.2.6</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234993r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Change the mode of interactive users home directories to <code>0750</code>. To
change the mode of interactive users home directory, use the
following command:
<pre>$ sudo chmod 0750 /home/<i>USER</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Excessive permissions on local interactive user home directories may allow
unauthorized access to user files by other users.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">All home directories have proper permissions</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_home_directories:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td>/home/bernhard/</td><td>directory</td><td>1001</td><td>100</td><td>168</td><td><code>rwxr-x---Â </code></td></tr><tr><td>/home/azureuser/</td><td>directory</td><td>1000</td><td>100</td><td>168</td><td><code>rwxr-x---Â </code></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-detail-id34330"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - chmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod mediumCCE-85693-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_chmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85693-0">CCE-85693-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234928r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured to
use the <code>augenrules</code> program to read audit rules during daemon startup
(the default), add the following line to a file with suffix <code>.rules</code> in
the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect.  Here the system calls
have been placed independent of other system calls.  Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit chmod</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_chmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit chmod</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_chmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit chmod</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_chmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit chmod</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_chmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S chmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-detail-id34331"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - chownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown mediumCCE-85690-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_chown:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85690-6">CCE-85690-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured to
use the <code>augenrules</code> program to read audit rules during daemon startup
(the default), add the following line to a file with suffix <code>.rules</code> in
the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect.  Here the system calls
have been placed independent of other system calls.  Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit chown</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_chown_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit chown</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_chown_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit chown</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_chown_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit chown</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_chown_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S chown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-detail-id34332"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod mediumCCE-85694-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85694-8">CCE-85694-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234928r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured to
use the <code>augenrules</code> program to read audit rules during daemon startup
(the default), add the following line to a file with suffix <code>.rules</code> in
the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchmod</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchmod</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchmod</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchmod</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchmod -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-detail-id34333"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchmodatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat mediumCCE-85695-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmodat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchmodat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85695-5">CCE-85695-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234928r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured to
use the <code>augenrules</code> program to read audit rules during daemon startup
(the default), add the following line to a file with suffix <code>.rules</code> in
the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchmodat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmodat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchmodat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmodat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchmodat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchmodat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchmodat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchmodat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchmodat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-detail-id34334"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown mediumCCE-85721-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchown:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85721-9">CCE-85721-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>

If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>

If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>

If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchown</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchown_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchown</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchown_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchown</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchown_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchown</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchown_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-detail-id34335"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchownatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat mediumCCE-85692-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchownat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fchownat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85692-2">CCE-85692-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fchownat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchownat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fchownat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchownat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fchownat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fchownat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fchownat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fchownat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-detail-id34336"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr mediumCCE-85686-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fremovexattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85686-4">CCE-85686-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root.
<br><br>
If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fremovexattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fremovexattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fremovexattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fremovexattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-detail-id34337"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr mediumCCE-85688-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_fsetxattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85688-0">CCE-85688-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit fsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fsetxattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit fsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fsetxattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit fsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_fsetxattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit fsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_fsetxattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-detail-id34338"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown mediumCCE-85691-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_lchown:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85691-4">CCE-85691-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030250</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234924r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit lchown</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_lchown_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit lchown</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_lchown_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit lchown</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_lchown_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit lchown</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_lchown_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S lchown -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-detail-id34339"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr mediumCCE-85685-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_lremovexattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85685-6">CCE-85685-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root.
<br><br>
If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit lremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_lremovexattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit lremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_lremovexattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit lremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_lremovexattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit lremovexattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_lremovexattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-detail-id34340"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr mediumCCE-85689-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_lsetxattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85689-8">CCE-85689-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit lsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_lsetxattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit lsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_lsetxattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit lsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_lsetxattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit lsetxattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_lsetxattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-detail-id34341"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - removexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr mediumCCE-85684-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - removexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_removexattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85684-9">CCE-85684-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000474-GPOS-00219</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root.
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code>
program to read audit rules during daemon startup (the default), add the
following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
<br><br>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit removexattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_removexattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit removexattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_removexattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit removexattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_removexattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit removexattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_removexattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S removexattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-detail-id34342"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - setxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr mediumCCE-85687-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - setxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_setxattr:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85687-2">CCE-85687-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030190</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234918r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file permission
changes for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit setxattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_setxattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit setxattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_setxattr_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit setxattr</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_setxattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit setxattr</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_setxattr_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S setxattr -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount" id="rule-detail-id34343"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - umountxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount mediumCCE-85734-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - umount</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_umount:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85734-2">CCE-85734-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030360</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234935r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file system umount
changes. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit umount</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_umount_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit umount</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_umount_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2" id="rule-detail-id34344"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - umount2xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2 mediumCCE-91250-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - umount2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_umount2</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_dac_modification_umount2:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91250-1">CCE-91250-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030360</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234935r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file system umount2
changes. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit umount2</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_umount2_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit umount2</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_umount2_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod
</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit umount2</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_umount2_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit umount2</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_umount2_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl" id="rule-detail-id34345"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run chaclxccdf_org.ssgproject.content_rule_audit_rules_execution_chacl mediumCCE-85595-7 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chacl</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_chacl:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85595-7">CCE-85595-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030440</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234943r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
of the <code>chacl</code> command for all users and root. If the <code>auditd</code>
daemon is configured to use the <code>augenrules</code> program to read audit rules
during daemon startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
correlate, and investigate the events relating to an incident or identify
those responsible for one.
Audit records can be generated from various components within the
information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chacl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_chacl_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chacl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_chacl_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod" id="rule-detail-id34346"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run chmodxccdf_org.ssgproject.content_rule_audit_rules_execution_chmod mediumCCE-85593-2 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_chmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85593-2">CCE-85593-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030420</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234941r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
of the <code>chmod</code> command for all users and root. If the <code>auditd</code>
daemon is configured to use the <code>augenrules</code> program to read audit rules
during daemon startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
correlate, and investigate the events relating to an incident or identify
those responsible for one.

Audit records can be generated from various components within the
information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chmod</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_chmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chmod</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_chmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl" id="rule-detail-id34347"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run setfaclxccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl mediumCCE-85594-0 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run setfacl</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_setfacl:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85594-0">CCE-85594-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030430</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234942r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
of the <code>setfacl</code> command for all users and root. If the <code>auditd</code>
daemon is configured to use the <code>augenrules</code> program to read audit rules
during daemon startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
correlate, and investigate the events relating to an incident or identify
those responsible for one.
Audit records can be generated from various components within the
information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules setfacl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_setfacl_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl setfacl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_setfacl_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-detail-id34348"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run chconxccdf_org.ssgproject.content_rule_audit_rules_execution_chcon mediumCCE-85716-9 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chcon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_chcon:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85716-9">CCE-85716-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000463-GPOS-00207</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000465-GPOS-00209</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030450</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234944r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
of the <code>chcon</code> command for all users and root. If the <code>auditd</code>
daemon is configured to use the <code>augenrules</code> program to read audit rules
during daemon startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chcon</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_chcon_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chcon</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_chcon_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_rm" id="rule-detail-id34349"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run rmxccdf_org.ssgproject.content_rule_audit_rules_execution_rm mediumCCE-85596-5 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run rm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_rm</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_execution_rm:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85596-5">CCE-85596-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030460</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234945r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
of the <code>rm</code> command for all users and root. If the <code>auditd</code>
daemon is configured to use the <code>augenrules</code> program to read audit rules
during daemon startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
correlate, and investigate the events relating to an incident or identify
those responsible for one.

Audit records can be generated from various components within the
information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules rm</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_rm_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl rm</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_execution_rm_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-detail-id34350"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - renamexccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename mediumCCE-85768-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_rename:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85768-0">CCE-85768-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
for all users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
from the system. The audit trail could aid in system troubleshooting, as well as, detecting
malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit rename</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_rename_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit rename</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_rename_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit rename</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_rename_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit rename</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_rename_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-detail-id34351"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - renameatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat mediumCCE-85769-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_renameat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85769-8">CCE-85769-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
for all users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
from the system. The audit trail could aid in system troubleshooting, as well as, detecting
malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit renameat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_renameat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit renameat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_renameat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit renameat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_renameat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit renameat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_renameat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-detail-id34352"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - unlinkxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink mediumCCE-85771-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_unlink:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85771-4">CCE-85771-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
for all users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
from the system. The audit trail could aid in system troubleshooting, as well as, detecting
malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit unlink</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_unlink_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit unlink</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_unlink_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit unlink</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_unlink_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit unlink</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_unlink_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-detail-id34353"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat mediumCCE-85772-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_file_deletion_events_unlinkat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85772-2">CCE-85772-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000467-GPOS-00211</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.13</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect file deletion events
for all users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Auditing file deletions will create an audit trail for files that are removed
from the system. The audit trail could aid in system troubleshooting, as well as, detecting
malicious processes that attempt to delete log files to conceal their presence.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit unlinkat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_unlinkat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete</td></tr><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit unlinkat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_unlinkat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/delete.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=unset -F key=delete
</td></tr><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit unlinkat</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_unlinkat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit unlinkat</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_unlinkat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-detail-id34354"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Access Attempts to Files - creatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat mediumCCE-85681-5 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - creat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_creat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85681-5">CCE-85681-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
accesses for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_creat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_creat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_creat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_creat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_creat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_creat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_creat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_creat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-detail-id34355"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Access Attempts to Files - ftruncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate mediumCCE-85696-3 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - ftruncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_ftruncate:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85696-3">CCE-85696-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
accesses for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_ftruncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_ftruncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_ftruncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_ftruncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_ftruncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_ftruncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_ftruncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_ftruncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-detail-id34356"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Access Attempts to Files - openxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open mediumCCE-85680-7 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - open</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_open:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85680-7">CCE-85680-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
accesses for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-detail-id34357"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Access Attempts to Files - open_by_handle_atxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at mediumCCE-85683-1 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - open_by_handle_at</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85683-1">CCE-85683-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
accesses for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_by_handle_at_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_by_handle_at_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_by_handle_at_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_by_handle_at_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_open_by_handle_at_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_open_by_handle_at_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_open_by_handle_at_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_open_by_handle_at_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-detail-id34358"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Access Attempts to Files - openatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat mediumCCE-85682-3 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - openat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_openat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85682-3">CCE-85682-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
accesses for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_openat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_openat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_openat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_openat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_openat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_openat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_openat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_openat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-detail-id34359"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Delete Attempts to Files - renamexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename mediumCCE-85701-1 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_rename:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85701-1">CCE-85701-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system should collect unsuccessful file deletion
attempts for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>.
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file.
<pre>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete
-a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete</pre>
If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete
-a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=unsuccessful-delete</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping system calls related
to the same event is more efficient. See the following example:
<pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_rename_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_rename_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_rename_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_rename_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_rename_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_rename_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_rename_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_rename_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-detail-id34360"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Delete Attempts to Files - renameatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat mediumCCE-85702-9 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_renameat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85702-9">CCE-85702-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
The operating system must generate audit records for all uses of the <code>renameat</code> system call.
Without generating audit records specific to the security and mission needs of the organization, it would be
difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate
an audit record for all uses of the <code>renameat</code> system call:
<pre>
-a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping system calls related
to the same event is more efficient. See the following example:

<pre>
-a always,exit -F arch=b32 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S renameat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2" id="rule-detail-id34361"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Delete Attempts to Files - renameat2xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2 mediumCCE-85726-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - renameat2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat2</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_renameat2:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85726-8">CCE-85726-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The operating system must generate audit records for all uses of the <code>renameat2</code> system call.
Without generating audit records specific to the security and mission needs of the organization, it would be 
difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate 
an audit record for all uses of the <code>renameat2</code> system call:  
<pre>
-a always,exit -F arch=b32 -S renameat2 -F auid&gt;=1000 -F auid!=-1 -k perm_mod
-a always,exit -F arch=b64 -S renameat2 -F auid&gt;=1000 -F auid!=-1 -k perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping system calls related
to the same event is more efficient. See the following example:
<pre>
-a always,exit -F arch=b32 -S renameat2 -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S renameat2 -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat2_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat2_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat2_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat2_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_renameat2_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_renameat2_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_renameat2_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_renameat2_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S renameat2 -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-detail-id34362"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Access Attempts to Files - truncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate mediumCCE-85608-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Access Attempts to Files - truncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_truncate:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85608-8">CCE-85608-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234914r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect unauthorized file
accesses for all users and root. If the <code>auditd</code> daemon is configured
to use the <code>augenrules</code> program to read audit rules during daemon
startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>

If the system is 64 bit then also add the following lines:
<pre>
-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_truncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_truncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_truncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_truncate_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_truncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_truncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_truncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_truncate_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-detail-id34363"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Delete Attempts to Files - unlinkxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink mediumCCE-85703-7 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_unlink:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85703-7">CCE-85703-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
The operating system must generate audit records for all uses of the <code>unlink</code> system call.
Without generating audit records specific to the security and mission needs of the organization, it would be
difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate
an audit record for all uses of the <code>unlink</code> system call:
<pre>
-a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=-1 -k perm_mod
-a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=-1 -k perm_mod </pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping system calls related
to the same event is more efficient. See the following example:

<pre>
-a always,exit -F arch=b32 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S unlink -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlink_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlink_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlink_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlink_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlink_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlink_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlink_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlink_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlink -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-detail-id34364"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessful Delete Attempts to Files - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat mediumCCE-85704-5 </div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessful Delete Attempts to Files - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_unsuccessful_file_modification_unlinkat:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85704-5">CCE-85704-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-00033</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000458-GPOS-00203</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000461-GPOS-00205</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030740</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234973r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">
The operating system must generate audit records for all uses of the <code>unlinkat</code> system call.
Without generating audit records specific to the security and mission needs of the organization, it would be
difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Add or update the following lines to <code>/etc/audit/rules.d/audit.rules</code> to configure the operating system to generate
an audit record for all uses of the <code>unlinkat</code> system call:
<pre>
-a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=-1 -k perm_mod
-a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=-1 -k perm_mod</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing
these events could serve as evidence of potential system compromise.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping system calls related
to the same event is more efficient. See the following example:

<pre>
-a always,exit -F arch=b32 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S unlinkat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod</pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlinkat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlinkat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlinkat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlinkat_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/access.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access
</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eacces_unlinkat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_arufm_eperm_unlinkat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eacces</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eacces_unlinkat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit file eperm</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_arufm_eperm_unlinkat_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S unlinkat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-detail-id34365"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Unloading - delete_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete mediumCCE-85748-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_kernel_module_loading_delete:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85748-2">CCE-85748-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030520</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234951r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To capture kernel module unloading events, use following line, setting ARCH to
either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:

<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre>


Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured
to use the <code>augenrules</code> program (the default), add the line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>.

If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility,
add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
the kernel and potentially introduce malicious code into kernel space. It is important
to have an audit trail of modules that have been introduced into the kernel.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit delete_module</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_delete_module_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b32 -S delete_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit delete_module</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_delete_module_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b64 -S delete_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit delete_module</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_delete_module_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S delete_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit delete_module</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_delete_module_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S delete_module -F key=modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" id="rule-detail-id34366"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit mediumCCE-85749-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_kernel_module_loading_finit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85749-0">CCE-85749-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030530</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234952r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program
to read audit rules during daemon startup (the default), add the following lines to a file
with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code> to capture kernel module
loading and unloading events, setting ARCH to either b32 or b64 as appropriate for your system:

<pre>-a always,exit -F arch=<i>ARCH</i> -S finit_module -F key=modules</pre>
    If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit
rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file
in order to capture kernel module loading and unloading events, setting ARCH to either b32 or
b64 as appropriate for your system:

<pre>-a always,exit -F arch=<i>ARCH</i> -S finit_module -F key=modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The addition/removal of kernel modules can be used to alter the behavior of
the kernel and potentially introduce malicious code into kernel space. It is important
to have an audit trail of modules that have been introduced into the kernel.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit finit_module</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_finit_module_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b32 -S finit_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit finit_module</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_finit_module_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b64 -S finit_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit finit_module</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_finit_module_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S finit_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit finit_module</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_finit_module_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S finit_module -F key=modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-detail-id34367"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading - init_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init mediumCCE-85750-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading - init_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_kernel_module_loading_init:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85750-8">CCE-85750-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030530</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234952r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To capture kernel module loading events, use following line, setting ARCH to
either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:

<pre>-a always,exit -F arch=<i>ARCH</i> -S init_module -F key=modules</pre>


Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured
to use the <code>augenrules</code> program (the default), add the line to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>.

If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility,
add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The addition of kernel modules can be used to alter the behavior of
the kernel and potentially introduce malicious code into kernel space. It is important
to have an audit trail of modules that have been introduced into the kernel.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit init_module</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_init_module_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b32 -S init_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit init_module</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_init_module_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-a always,exit -F arch=b64 -S init_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit init_module</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_init_module_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S init_module -F key=modules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit init_module</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_init_module_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S init_module -F key=modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-detail-id34368"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - faillockxccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock mediumCCE-91449-9 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - faillock</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_login_events_faillock:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91449-9">CCE-91449-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000473-GPOS-00218</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.7</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects login information for all users
and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
edits of files involved in storing logon events:
<pre>-w /var/run/faillock -p wa -k logins</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual
edits of files involved in storing logon events:
<pre>-w /var/run/faillock -p wa -k logins</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules faillock</span>Â 
        <span class="label label-default">oval:ssg-test_arle_faillock_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/logins.rules</td><td>-w /var/run/faillock -p wa -k logins</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl faillock</span>Â 
        <span class="label label-default">oval:ssg-test_arle_faillock_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/run/faillock -p wa -k logins</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-detail-id34369"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - lastlogxccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog mediumCCE-85598-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - lastlog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_login_events_lastlog:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85598-1">CCE-85598-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000473-GPOS-00218</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030480</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.7</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234947r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects login information for all users
and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
edits of files involved in storing logon events:
<pre>-w /var/log/lastlog -p wa -k logins</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual
edits of files involved in storing logon events:
<pre>-w /var/log/lastlog -p wa -k logins</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules lastlog</span>Â 
        <span class="label label-default">oval:ssg-test_arle_lastlog_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/logins.rules</td><td>-w /var/log/lastlog -p wa -k logins</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl lastlog</span>Â 
        <span class="label label-default">oval:ssg-test_arle_lastlog_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/lastlog -p wa -k logins</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-detail-id34370"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - tallylogxccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog mediumCCE-85597-3 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - tallylog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_login_events_tallylog:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85597-3">CCE-85597-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000473-GPOS-00218</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030470</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.7</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234946r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects login information for all users
and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
edits of files involved in storing logon events:
<pre>-w /var/log/tallylog -p wa -k logins</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual
edits of files involved in storing logon events:
<pre>-w /var/log/tallylog -p wa -k logins</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules tallylog</span>Â 
        <span class="label label-default">oval:ssg-test_arle_tallylog_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/logins.rules</td><td>-w /var/log/tallylog -p wa -k logins</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl tallylog</span>Â 
        <span class="label label-default">oval:ssg-test_arle_tallylog_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/tallylog -p wa -k logins</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-detail-id34371"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - chagexccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage mediumCCE-85587-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chage</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_chage:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85587-4">CCE-85587-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000468-GPOS-00212</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030120</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234911r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chage</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chage_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chage</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chage_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn" id="rule-detail-id34372"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - chfnxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn mediumCCE-85589-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chfn</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chfn</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_chfn:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85589-0">CCE-85589-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030340</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234933r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
correlate, and investigate the events relating to an incident or identify
those responsible for one.

Audit records can be generated from various components within the
information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chfn</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chfn_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chfn</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chfn_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-detail-id34373"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - chshxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh mediumCCE-85586-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_chsh:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85586-6">CCE-85586-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030100</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234909r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules chsh</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chsh_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl chsh</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_chsh_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-detail-id34374"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - crontabxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab mediumCCE-85588-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_crontab:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85588-2">CCE-85588-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030130</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234912r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules crontab</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_crontab_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl crontab</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_crontab_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-detail-id34375"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - gpasswdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd mediumCCE-85584-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_gpasswd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85584-1">CCE-85584-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030080</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234907r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules gpasswd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_gpasswd_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl gpasswd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_gpasswd_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod" id="rule-detail-id34376"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - insmodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod mediumCCE-85744-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - insmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_insmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85744-1">CCE-85744-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030380</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234937r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-w /sbin/insmod -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules insmod</span>Â 
        <span class="label label-default">oval:ssg-test_insmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /sbin/insmod -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl insmod</span>Â 
        <span class="label label-default">oval:ssg-test_insmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /sbin/insmod -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod" id="rule-detail-id34377"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - kmodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod mediumCCE-85591-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - kmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_kmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85591-6">CCE-85591-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030410</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234940r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-w /usr/bin/kmod -p x -k modules</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-w /usr/bin/kmod -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
correlate, and investigate the events relating to an incident or identify
those responsible for one.

Audit records can be generated from various components within the
information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules kmod</span>Â 
        <span class="label label-default">oval:ssg-test_kmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /usr/bin/kmod -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl kmod</span>Â 
        <span class="label label-default">oval:ssg-test_kmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /usr/bin/kmod -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe" id="rule-detail-id34378"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - modprobexccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe mediumCCE-85731-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - modprobe</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_modprobe:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85731-8">CCE-85731-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030400</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234939r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-w /sbin/modprobe -p x -k modules</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-w /sbin/modprobe -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules modprobe</span>Â 
        <span class="label label-default">oval:ssg-test_modprobe_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /sbin/modprobe -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl modprobe</span>Â 
        <span class="label label-default">oval:ssg-test_modprobe_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /sbin/modprobe -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-detail-id34379"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - newgrpxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp mediumCCE-85585-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_newgrp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85585-8">CCE-85585-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030090</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234908r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules newgrp</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_newgrp_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl newgrp</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_newgrp_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check" id="rule-detail-id34380"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_checkxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check mediumCCE-85601-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_pam_timestamp_check:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85601-3">CCE-85601-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030510</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234950r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/sbin/pam_timestamp_check
-F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/sbin/pam_timestamp_check
-F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules pam_timestamp_check</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_pam_timestamp_check_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl pam_timestamp_check</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_pam_timestamp_check_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass" id="rule-detail-id34381"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - passmassxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass mediumCCE-85599-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - passmass</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passmass</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_passmass:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85599-9">CCE-85599-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030490</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234948r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules passmass</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passmass_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl passmass</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passmass_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-detail-id34382"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - passwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd mediumCCE-85583-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_passwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85583-3">CCE-85583-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030070</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234906r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules passwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passwd_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl passwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_passwd_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod" id="rule-detail-id34383"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - rmmodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod mediumCCE-85732-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - rmmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_rmmod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85732-6">CCE-85732-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030390</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234938r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-w /sbin/rmmod -p x -k modules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules rmmod</span>Â 
        <span class="label label-default">oval:ssg-test_rmmod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/modules.rules</td><td>-w /sbin/rmmod -p x -k modules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl rmmod</span>Â 
        <span class="label label-default">oval:ssg-test_rmmod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /sbin/rmmod -p x -k modules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent" id="rule-detail-id34384"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run ssh-agentxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent mediumCCE-85590-8 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run ssh-agent</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_agent</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_ssh_agent:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85590-8">CCE-85590-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030370</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234936r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect any execution attempt
of the <code>ssh-agent</code> command for all users and root. If the <code>auditd</code>
daemon is configured to use the <code>augenrules</code> program to read audit rules
during daemon startup (the default), add the following lines to a file with suffix
<code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -k privileged-ssh-agent</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -k privileged-ssh-agent</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
correlate, and investigate the events relating to an incident or identify
those responsible for one.

Audit records can be generated from various components within the
information system (e.g., module or policy filter).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules ssh_agent</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_agent_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl ssh_agent</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_agent_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-detail-id34385"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysignxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign mediumCCE-85582-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_ssh_keysign:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85582-5">CCE-85582-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030060</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234905r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules ssh_keysign</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_keysign_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl ssh_keysign</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_ssh_keysign_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-detail-id34386"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - suxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su mediumCCE-85602-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - su</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_su:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85602-1">CCE-85602-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000064-GPOS-0003</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030550</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234954r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules su</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_su_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl su</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_su_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" id="rule-detail-id34387"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - sudoxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo mediumCCE-85603-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_sudo:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85603-9">CCE-85603-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030560</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234955r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudo</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudo_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudo</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudo_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" id="rule-detail-id34388"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - sudoeditxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit mediumCCE-85717-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_sudoedit:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85717-7">CCE-85717-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030330</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234932r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudoedit</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudoedit_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudoedit</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_sudoedit_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd" id="rule-detail-id34389"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd mediumCCE-85762-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix2_chkpwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_unix2_chkpwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85762-3">CCE-85762-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030110</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234910r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules unix2_chkpwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix2_chkpwd_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl unix2_chkpwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix2_chkpwd_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-detail-id34390"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd mediumCCE-85727-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_unix_chkpwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85727-6">CCE-85727-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000029-CTR-000085</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030110</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234910r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules unix_chkpwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix_chkpwd_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl unix_chkpwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_unix_chkpwd_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod" id="rule-detail-id34391"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - usermodxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod mediumCCE-85600-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - usermod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usermod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_privileged_commands_usermod:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85600-5">CCE-85600-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030500</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234949r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect the execution of
privileged commands for all users and root. If the <code>auditd</code> daemon is
configured to use the <code>augenrules</code> program to read audit rules during
daemon startup (the default), add a line of the following form to a file with
suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add a line of the following
form to <code>/etc/audit/audit.rules</code>:
<pre>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have compromised system accounts,
is a serious and ongoing concern and can have significant adverse impacts on organizations.
Auditing the use of privileged functions is one way to detect such misuse and identify
the risk from insider and advanced persistent threats.
<br><br>
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules usermod</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_usermod_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/privileged.rules</td><td>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged
</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl usermod</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_privileged_commands_usermod_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=unset -F key=privileged</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex" id="rule-detail-id34392"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record attempts to alter time through adjtimexxccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex mediumCCE-85814-2 </div><div class="panel-heading"><h3 class="panel-title">Record attempts to alter time through adjtimex</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_adjtimex:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85814-2">CCE-85814-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules</pre>
The -k option allows for the specification of a key in string form that can be
used for better reporting capability through ausearch and aureport. Multiple
system calls can be defined on the same line to save space if desired, but is
not required. See an example of multiple combined syscalls:
<pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
nefarious activities in log files, as well as to confuse network services that
are highly dependent upon an accurate system time (such as sshd). All changes
to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit adjtimex</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_adjtimex_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit adjtimex</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_art_adjtimex_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit adjtimex</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_adjtimex_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit adjtimex</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_art_adjtimex_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="rule-detail-id34393"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Time Through clock_settimexccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime mediumCCE-85816-7 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Time Through clock_settime</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_clock_settime:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85816-7">CCE-85816-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</pre>
The -k option allows for the specification of a key in string form that can
be used for better reporting capability through ausearch and aureport.
Multiple system calls can be defined on the same line to save space if
desired, but is not required. See an example of multiple combined syscalls:
<pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
nefarious activities in log files, as well as to confuse network services that
are highly dependent upon an accurate system time (such as sshd). All changes
to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit clock_settime</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_clock_settime_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/time-change.rules</td><td>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit clock_settime</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_art_clock_settime_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/time-change.rules</td><td>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change
</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit clock_settime</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_clock_settime_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit clock_settime</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_art_clock_settime_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="rule-detail-id34394"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record attempts to alter time through settimeofdayxccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday mediumCCE-85813-4 </div><div class="panel-heading"><h3 class="panel-title">Record attempts to alter time through settimeofday</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_settimeofday:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85813-4">CCE-85813-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>:
<pre>-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules</pre>
The -k option allows for the specification of a key in string form that can be
used for better reporting capability through ausearch and aureport. Multiple
system calls can be defined on the same line to save space if desired, but is
not required. See an example of multiple combined syscalls:
<pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
nefarious activities in log files, as well as to confuse network services that
are highly dependent upon an accurate system time (such as sshd). All changes
to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit settimeofday</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_settimeofday_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit settimeofday</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_art_settimeofday_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit settimeofday</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_settimeofday_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit settimeofday</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_art_settimeofday_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S adjtimex -S settimeofday -F key=audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_stime" id="rule-detail-id34395"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Time Through stimexccdf_org.ssgproject.content_rule_audit_rules_time_stime mediumCCE-85815-9 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Time Through stime</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_stime</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_stime:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85815-9">CCE-85815-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> for both 32 bit and 64 bit systems:
<pre>-a always,exit -F arch=b32 -S stime -F key=audit_time_rules</pre>
Since the 64 bit version of the "stime" system call is not defined in the audit
lookup table, the corresponding "-F arch=b64" form of this rule is not expected
to be defined on 64 bit systems (the aforementioned "-F arch=b32" stime rule
form itself is sufficient for both 32 bit and 64 bit systems). If the
<code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to
read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file for both 32 bit and 64 bit systems:
<pre>-a always,exit -F arch=b32 -S stime -F key=audit_time_rules</pre>
Since the 64 bit version of the "stime" system call is not defined in the audit
lookup table, the corresponding "-F arch=b64" form of this rule is not expected
to be defined on 64 bit systems (the aforementioned "-F arch=b32" stime rule
form itself is sufficient for both 32 bit and 64 bit systems). The -k option
allows for the specification of a key in string form that can be used for
better reporting capability through ausearch and aureport. Multiple system
calls can be defined on the same line to save space if desired, but is not
required. See an example of multiple combined system calls:
<pre>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=audit_time_rules</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
nefarious activities in log files, as well as to confuse network services that
are highly dependent upon an accurate system time (such as sshd). All changes
to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">32 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit stime</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_stime_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit stime</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_art_stime_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -F key=audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime" id="rule-detail-id34396"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter the localtime Filexccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime mediumCCE-85812-6 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter the localtime File</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_time_watch_localtime:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85812-6">CCE-85812-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.6.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the default),
add the following line to a file with suffix <code>.rules</code> in the directory
<code>/etc/audit/rules.d</code>:
<pre>-w /etc/localtime -p wa -k audit_time_rules</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-w /etc/localtime -p wa -k audit_time_rules</pre>
The -k option allows for the specification of a key in string form that can
be used for better reporting capability through ausearch and aureport and
should always be used.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Arbitrary changes to the system time can be used to obfuscate
nefarious activities in log files, as well as to confuse network services that
are highly dependent upon an accurate system time (such as sshd). All changes
to the system time should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/localtime watch augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_artw_etc_localtime_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_time_rules.rules</td><td>-w /etc/localtime -p wa -k audit_time_rules</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/localtime watch auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_artw_etc_localtime_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/localtime -p wa -k audit_time_rules</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing" id="rule-detail-id34397"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Remove Default Configuration to Disable Syscall Auditingxccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing mediumCCE-85706-0 </div><div class="panel-heading"><h3 class="panel-title">Remove Default Configuration to Disable Syscall Auditing</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_enable_syscall_auditing</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_enable_syscall_auditing:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85706-0">CCE-85706-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030820</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234981r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">By default, SUSE Linux Enterprise 15 ships an audit rule to disable syscall
auditing for performance reasons.

To make sure that syscall auditing works, this line must be removed from
<code>/etc/audit/rules.d/audit.rules</code> and <code>/etc/audit/audit.rules</code>:

<pre>-a task,never</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Audit rules for syscalls do not take effect unless this line is removed.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">check that no audit rule exists in /etc/audit/rules.d/*.rules that disables all syscall auditing</span>Â 
        <span class="label label-default">oval:ssg-test_enable_syscall_audit_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_enable_syscall_audit_augenrules:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^/etc/audit/rules\.d/.*\.rules$</td><td>^[\s]*-a[\s]+task,never[\s]*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">check that no audit rule exists in /etc/audit/audit.rules that disables all syscall auditing</span>Â 
        <span class="label label-default">oval:ssg-test_enable_syscall_audit_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_enable_syscall_audit_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>^[\s]*-a[\s]+task,never[\s]*$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-detail-id34398"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Make the auditd Configuration Immutablexccdf_org.ssgproject.content_rule_audit_rules_immutable mediumCCE-85831-6 </div><div class="panel-heading"><h3 class="panel-title">Make the auditd Configuration Immutable</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_immutable</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_immutable:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85831-6">CCE-85831-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.3</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000162</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000163</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000164</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000057-GPOS-00027</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000058-GPOS-00028</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000059-GPOS-00029</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.17</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to make the auditd configuration
immutable:
<pre>-e 2</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file in order to make the auditd configuration
immutable:
<pre>-e 2</pre>
With this setting, a reboot will be required to change any audit rules.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Making the audit configuration immutable prevents accidental as
well as malicious modification of the audit rules, although it may be
problematic if legitimate changes are needed during system
operation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules configuration locked</span>Â 
        <span class="label label-default">oval:ssg-test_ari_locked_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/immutable.rules</td><td>-e 2
</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl configuration locked</span>Â 
        <span class="label label-default">oval:ssg-test_ari_locked_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-e 2
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-detail-id34399"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Mandatory Access Controlsxccdf_org.ssgproject.content_rule_audit_rules_mac_modification mediumCCE-85830-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Mandatory Access Controls</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_mac_modification</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_mac_modification:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85830-8">CCE-85830-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.6</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following line to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>:
<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The system's mandatory access policy (SELinux) should not be
arbitrarily changed by anything other than administrator action. All changes to
MAC policy should be audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit selinux changes augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_armm_selinux_watch_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/MAC-policy.rules</td><td>-w /etc/selinux/ -p wa -k MAC-policy</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit selinux changes auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_armm_selinux_watch_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/selinux/ -p wa -k MAC-policy</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_media_export" id="rule-detail-id34400"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Exporting to Media (successful)xccdf_org.ssgproject.content_rule_audit_rules_media_export mediumCCE-85718-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Exporting to Media (successful)</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_media_export</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_media_export:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85718-5">CCE-85718-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030350</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.12</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234934r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect media exportation
events for all users and root. If the <code>auditd</code> daemon is configured to
use the <code>augenrules</code> program to read audit rules during daemon startup
(the default), add the following line to a file with suffix <code>.rules</code> in
the directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S mount -F auid&gt;=1000 -F auid!=unset -F key=export</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S mount -F auid&gt;=1000 -F auid!=unset -F key=export</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The unauthorized exportation of data to external media could result in an information leak
where classified information, Privacy Act information, and intellectual property could be lost. An audit
trail should be created each time a filesystem is mounted to help identify and guard against information
loss.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit mount</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_mount_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit mount</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_mount_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/perm_mod.rules</td><td>-a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit mount</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_mount_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit mount</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_mount_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S mount -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification" id="rule-detail-id34401"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Network Environmentxccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification mediumCCE-85828-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Network Environment</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_networkconfig_modification:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85828-2">CCE-85828-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.5.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.3.4</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification
-w /etc/issue -p wa -k audit_rules_networkconfig_modification
-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as
appropriate for your system:
<pre>-a always,exit -F arch=ARCH -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification
-w /etc/issue -p wa -k audit_rules_networkconfig_modification
-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The network environment should not be modified by anything other
than administrator action. Any change to network parameters should be
audited.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_issue_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/issue -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue.net augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_issue_net_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/hosts augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_hosts_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/hosts -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/sysconfig/network augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_sysconfig_network_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_issue_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/issue -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/issue.net auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_issue_net_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/hosts auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_hosts_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/hosts -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit /etc/sysconfig/network auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_arnm_etc_sysconfig_network_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_sethostname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit sethostname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_sethostname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_networkconfig_modification.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_ardm_setdomainname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_x86_64:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppc_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_ppcle_64:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="64 bit architecture">oval:ssg-object_system_info_architecture_ppcle_64:obj:1</abbr></strong> of type
                <strong>uname_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_aarch_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span>Â 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td>x86_64</td><td>openqa-suse-de-3b72c31b4a85652c</td><td>Linux</td><td>5.14.21-150500.55.31-default</td><td>#1 SMP PREEMPT_DYNAMIC Wed Oct 4 16:52:05 UTC 2023 (5dc23e0)</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit setdomainname</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_ardm_setdomainname_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-detail-id34402"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Process and Session Initiation Informationxccdf_org.ssgproject.content_rule_audit_rules_session_events mediumCCE-85829-0 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85829-0">CCE-85829-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0582</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0584</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">05885</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0586</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0846</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0957</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.3</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.8</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
edits of files involved in storing such process information:
<pre>-w /var/run/utmp -p wa -k session
-w /var/log/btmp -p wa -k session
-w /var/log/wtmp -p wa -k session</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
edits of files involved in storing such process information:
<pre>-w /var/run/utmp -p wa -k session
-w /var/log/btmp -p wa -k session
-w /var/log/wtmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules utmp</span>Â 
        <span class="label label-default">oval:ssg-test_arse_utmp_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/run/utmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules btmp</span>Â 
        <span class="label label-default">oval:ssg-test_arse_btmp_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules wtmp</span>Â 
        <span class="label label-default">oval:ssg-test_arse_wtmp_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl utmp</span>Â 
        <span class="label label-default">oval:ssg-test_arse_utmp_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/run/utmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl btmp</span>Â 
        <span class="label label-default">oval:ssg-test_arse_btmp_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl wtmp</span>Â 
        <span class="label label-default">oval:ssg-test_arse_wtmp_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp" id="rule-detail-id34403"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Process and Session Initiation Information btmpxccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp mediumCCE-85758-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information btmp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events_btmp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events_btmp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85758-1">CCE-85758-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030780</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234977r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
edits of files involved in storing such process information:
<pre>-w /var/log/btmp -p wa -k session</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
edits of files involved in storing such process information:
<pre>-w /var/log/btmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules btmp</span>Â 
        <span class="label label-default">oval:ssg-test_arle_btmp_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl btmp</span>Â 
        <span class="label label-default">oval:ssg-test_arle_btmp_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/btmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp" id="rule-detail-id34404"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Process and Session Initiation Information utmpxccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp mediumCCE-85714-4 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information utmp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events_utmp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events_utmp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85714-4">CCE-85714-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030760</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234975r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
edits of files involved in storing such process information:
<pre>-w /run/utmp -p wa -k session</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
edits of files involved in storing such process information:
<pre>-w /run/utmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules utmp</span>Â 
        <span class="label label-default">oval:ssg-test_arle_utmp_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /run/utmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl utmp</span>Â 
        <span class="label label-default">oval:ssg-test_arle_utmp_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /run/utmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp" id="rule-detail-id34405"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Process and Session Initiation Information wtmpxccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp mediumCCE-85757-3 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information wtmp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events_wtmp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_session_events_wtmp:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85757-3">CCE-85757-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030770</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234976r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The audit system already collects process information for all
users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual
edits of files involved in storing such process information:
<pre> -w /var/log/wtmp -p wa -k session</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file in order to watch for attempted manual
edits of files involved in storing such process information:
<pre> -w /var/log/wtmp -p wa -k session</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Manual editing of these files may indicate nefarious activity, such
as an attacker attempting to remove evidence of an intrusion.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules wtmp</span>Â 
        <span class="label label-default">oval:ssg-test_arle_wtmp_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/session.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl wtmp</span>Â 
        <span class="label label-default">oval:ssg-test_arle_wtmp_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /var/log/wtmp -p wa -k session</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function" id="rule-detail-id34406"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events When Privileged Executables Are Runxccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function mediumCCE-85611-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events When Privileged Executables Are Run</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_suid_privilege_function:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85611-2">CCE-85611-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002233</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002234</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000326-GPOS-00126</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000327-GPOS-00127</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000343-CTR-000780</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000381-CTR-000905</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030640</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234963r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Verify the system generates an audit record when privileged functions are executed.

If audit is using the "auditctl" tool to load the rules, run the following command:

<pre>$ sudo grep execve /etc/audit/audit.rules</pre>

If audit is using the "augenrules" tool to load the rules, run the following command:

<pre>$ sudo grep -r execve /etc/audit/rules.d</pre>


<pre>-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid</pre>
<pre>-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid</pre>
<pre>-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid</pre>
<pre>-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid</pre>


If both the "b32" and "b64" audit rules for "SUID" files are not defined, this is a finding.
If both the "b32" and "b64" audit rules for "SGID" files are not defined, this is a finding.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Misuse of privileged functions, either intentionally or unintentionally by
authorized users, or by unauthorized external entities that have
compromised information system accounts, is a serious and ongoing concern
and can have significant adverse impacts on organizations. Auditing the use
of privileged functions is one way to detect such misuse and identify the
risk from insider threats and the advanced persistent threat.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Note that these rules can be configured in a
number of ways while still achieving the desired effect.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit uid privileged function</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_uid_privileged_function_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setuid.rules</td><td>-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -F key=setuid</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit uid privileged function</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_uid_privileged_function_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setuid.rules</td><td>-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -F key=setuid
</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 32-bit gid privileged function</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_gid_privileged_function_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setgid.rules</td><td>-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -F key=setgid</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules 64-bit gid privileged function</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_gid_privileged_function_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/setgid.rules</td><td>-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -F key=setgid
</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit uid privileged function</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_uid_privileged_function_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -F key=setuid</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit uid privileged_function</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_uid_privileged_function_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -F key=setuid</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 32-bit gid privileged function</span>Â 
        <span class="label label-default">oval:ssg-test_32bit_gid_privileged_function_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -F key=setgid</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl 64-bit gid privileged_function</span>Â 
        <span class="label label-default">oval:ssg-test_64bit_gid_privileged_function_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -F key=setgid</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-detail-id34407"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects System Administrator Actionsxccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions mediumCCE-85679-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects System Administrator Actions</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_sysadmin_actions:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85679-9">CCE-85679-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5.b</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000026-CTR-000070</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000027-CTR-000075</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000028-CTR-000080</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000291-CTR-000675</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000292-CTR-000680</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000293-CTR-000685</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000294-CTR-000690</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000319-CTR-000745</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000320-CTR-000750</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000509-CTR-001305</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030140</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.14</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234913r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">At a minimum, the audit system should collect administrator actions
for all users and root. If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the default),
add the following line to a file with suffix <code>.rules</code> in the directory
<code>/etc/audit/rules.d</code>:
<pre>-w /etc/sudoers -p wa -k actions
-w /etc/sudoers.d/ -p wa -k actions</pre>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following line to
<code>/etc/audit/audit.rules</code> file:
<pre>-w /etc/sudoers -p wa -k actions
-w /etc/sudoers.d/ -p wa -k actions</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The actions taken by system administrators should be audited to keep a record
of what was executed on the system, as well as, for accountability purposes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudoers</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/actions.rules</td><td>-w /etc/sudoers -p wa -k actions</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules sudoers</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_d_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/actions.rules</td><td>-w /etc/sudoers.d/ -p wa -k actions</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudoers</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/sudoers -p wa -k actions</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl sudoers</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_sysadmin_actions_sudoers_d_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/sudoers.d/ -p wa -k actions</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-detail-id34408"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group mediumCCE-85578-3 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_group:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85578-3">CCE-85578-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030010</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234900r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
will alert the system administrator(s) to any modifications. Any unexpected
users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules group</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_group_augen:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/group -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit group</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_group_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/group -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-detail-id34409"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/gshadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow mediumCCE-85580-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/gshadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_gshadow:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85580-9">CCE-85580-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030040</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234903r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
will alert the system administrator(s) to any modifications. Any unexpected
users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules gshadow</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_gshadow_augen:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit gshadow</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_gshadow_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-detail-id34410"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/security/opasswdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd mediumCCE-85728-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/security/opasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_opasswd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85728-4">CCE-85728-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4).1(i&amp;ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030030</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234902r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
will alert the system administrator(s) to any modifications. Any unexpected
users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules opasswd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_opasswd_augen:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit opasswd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_opasswd_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-detail-id34411"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd mediumCCE-85577-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_passwd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:06+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85577-5">CCE-85577-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000274-GPOS-00104</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000275-GPOS-00105</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000276-GPOS-00106</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000277-GPOS-00107</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030000</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234899r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
will alert the system administrator(s) to any modifications. Any unexpected
users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules passwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_passwd_augen:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit passwd</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_passwd_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-detail-id34412"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/shadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow mediumCCE-85579-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/shadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-audit_rules_usergroup_modification_shadow:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85579-1">CCE-85579-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R73)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000018</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001403</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001404</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001405</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001683</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001684</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001685</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001686</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.2.1.5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000004-GPOS-00004</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000304-GPOS-00121</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000470-GPOS-00214</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000239-GPOS-00089</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000240-GPOS-00090</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000241-GPOS-00091</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000303-GPOS-00120</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000466-GPOS-00210</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000476-GPOS-00221</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030020</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.4</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234901r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">If the <code>auditd</code> daemon is configured to use the
<code>augenrules</code> program to read audit rules during daemon startup (the
default), add the following lines to a file with suffix <code>.rules</code> in the
directory <code>/etc/audit/rules.d</code>, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre>
<br><br>
If the <code>auditd</code> daemon is configured to use the <code>auditctl</code>
utility to read audit rules during daemon startup, add the following lines to
<code>/etc/audit/audit.rules</code> file, in order to capture events that modify
account changes:
<br><br>
<pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">In addition to auditing new user and group accounts, these watches
will alert the system administrator(s) to any modifications. Any unexpected
users, groups, or modifications should be investigated for legitimacy.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">audit augenrules</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_augenrules:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>Requires=augenrules.service</td></tr></tbody></table><h4><span class="label label-primary">audit augenrules shadow</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_shadow_augen:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/rules.d/audit_rules_usergroup_modification.rules</td><td>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table><h4><span class="label label-primary">audit auditctl</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_auditctl:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_audit_rules_auditctl:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/usr/lib/systemd/system/auditd.service</td><td>^ExecStartPost=\-\/sbin\/auditctl.*$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">audit shadow</span>Â 
        <span class="label label-default">oval:ssg-test_audit_rules_usergroup_modification_shadow_auditctl:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audit.rules</td><td>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-detail-id34413"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Encrypt Audit Records Sent With audispd Pluginxccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records mediumCCE-85614-6 </div><div class="panel-heading"><h3 class="panel-title">Encrypt Audit Records Sent With audispd Plugin</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_audispd_encrypt_sent_records:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85614-6">CCE-85614-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030680</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234967r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Configure the operating system to encrypt the transfer of off-loaded audit
records onto a different system or media from the system being audited.

Uncomment the <code>enable_krb5</code> option in <pre>/etc/audit/audisp-remote.conf</pre>,
and set it with the following line:
<pre>enable_krb5 = yes</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Information stored in one location is vulnerable to accidental or incidental deletion
or alteration. Off-loading is a common process in information systems with limited
audit storage capacity.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">setting in audisp-remote.conf</span>Â 
        <span class="label label-default">oval:ssg-test_auditd_audispd_encrypt_sent_records:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/audisp-remote.conf</td><td>enable_krb5 = yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action" id="rule-detail-id34414"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure auditd Disk Full Action when Disk Space Is Fullxccdf_org.ssgproject.content_rule_auditd_data_disk_full_action mediumCCE-85606-2 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd Disk Full Action when Disk Space Is Full</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_disk_full_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_disk_full_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85606-2">CCE-85606-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000140</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000047-GPOS-00023</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030590</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234958r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
when disk space is running low but prior to running out of space completely.
Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line,
substituting <i>ACTION</i> appropriately:
<pre>disk_full_action = <i>ACTION</i></pre>
Set this value to <code>single</code> to cause the system to switch to single-user
mode for corrective action. Acceptable values also include <code>syslog</code>,

<code>single</code>, and <code>halt</code>. For certain systems, the need for availability
outweighs the need to log all actions, and a different setting should be
determined. Details regarding all possible values for <i>ACTION</i> are described in the
<code>auditd.conf</code> man page.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Taking appropriate action in case of a filled audit storage volume will minimize
the possibility of losing audit records.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">disk error action</span>Â 
        <span class="label label-default">oval:ssg-test_auditd_data_disk_full_action:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>disk_full_action = syslog</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action" id="rule-detail-id34415"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure auditd admin_space_left Action on Low Disk Spacexccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action mediumCCE-85824-1 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd admin_space_left Action on Low Disk Space</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_admin_space_left_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85824-1">CCE-85824-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000140</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001343</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001855</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000343-GPOS-00134</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
when disk space is running low but prior to running out of space completely.
Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line,
substituting <i>ACTION</i> appropriately:
<pre>admin_space_left_action = <i>ACTION</i></pre>
Set this value to <code>single</code> to cause the system to switch to single user
mode for corrective action. Acceptable values also include <code>suspend</code> and
<code>halt</code>. For certain systems, the need for availability
outweighs the need to log all actions, and a different setting should be
determined. Details regarding all possible values for <i>ACTION</i> are described in the
<code>auditd.conf</code> man page.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Administrators should be made aware of an inability to record
audit records. If a separate partition or logical volume of adequate size
is used, running low on space for audit records should never occur.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">space left action</span>Â 
        <span class="label label-default">oval:ssg-test_auditd_data_retention_admin_space_left_action:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>admin_space_left_action = halt</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action" id="rule-detail-id34416"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure auditd max_log_file_action Upon Reaching Maximum Log Sizexccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action mediumCCE-85778-9 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd max_log_file_action Upon Reaching Maximum Log Size</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_max_log_file_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85778-9">CCE-85778-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000140</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000047-GPOS-00023</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.2.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The default action to take when the logs reach their maximum size
is to rotate the log files, discarding the oldest one. To configure the action taken
by <code>auditd</code>, add or correct the line in <code>/etc/audit/auditd.conf</code>:
<pre>max_log_file_action = <i>ACTION</i></pre>
Possible values for <i>ACTION</i> are described in the <code>auditd.conf</code> man
page. These include:
<ul><li><code>ignore</code></li><li><code>syslog</code></li><li><code>suspend</code></li><li><code>rotate</code></li><li><code>keep_logs</code></li></ul>
Set the <code><i>ACTION</i></code> to <code>rotate</code> to ensure log rotation
occurs. This is the default. The setting is case-insensitive.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Automatically rotating logs (by setting this to <code>rotate</code>)
minimizes the chances of the system unexpectedly running out of disk space by
being overwhelmed with log data. However, for systems that must never discard
log data, or which use external processes to transfer it and reclaim space,
<code>keep_logs</code> can be employed.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">admin space left action </span>Â 
        <span class="label label-default">oval:ssg-test_auditd_data_retention_max_log_file_action:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>max_log_file_action = keep_logs</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left" id="rule-detail-id34417"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure auditd space_left on Low Disk Spacexccdf_org.ssgproject.content_rule_auditd_data_retention_space_left mediumCCE-85616-1 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd space_left on Low Disk Space</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_space_left:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85616-1">CCE-85616-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001855</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000343-GPOS-00134</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-030700</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234969r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
when disk space is running low but prior to running out of space completely.
Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line,
substituting <i>SIZE_in_MB</i> appropriately:
<pre>space_left = <i>SIZE_in_MB</i></pre>
Set this value to the appropriate size in Megabytes cause the system to
notify the user of an issue.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Notifying administrators of an impending disk space problem may allow them to
take corrective action prior to any disruption.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">admin space left action </span>Â 
        <span class="label label-default">oval:ssg-test_auditd_data_retention_space_left:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>space_left = 100</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action" id="rule-detail-id34418"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure auditd space_left Action on Low Disk Spacexccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action mediumCCE-85823-3 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd space_left Action on Low Disk Space</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-auditd_data_retention_space_left_action:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85823-3">CCE-85823-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001855</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-5(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">10.5.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000343-GPOS-00134</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.1.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>auditd</code> service can be configured to take an action
when disk space <i>starts</i> to run low.
Edit the file <code>/etc/audit/auditd.conf</code>. Modify the following line,
substituting <i>ACTION</i> appropriately:
<pre>space_left_action = <i>ACTION</i></pre>
Possible values for <i>ACTION</i> are described in the <code>auditd.conf</code> man page.
These include:
<ul><li><code>syslog</code></li><li><code>email</code></li><li><code>exec</code></li><li><code>suspend</code></li><li><code>single</code></li><li><code>halt</code></li></ul>
Set this to <code>email</code> (instead of the default,
which is <code>suspend</code>) as it is more likely to get prompt attention. Acceptable values
also include <code>suspend</code>, <code>single</code>, and <code>halt</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Notifying administrators of an impending disk space problem may
allow them to take corrective action prior to any disruption.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">space left action</span>Â 
        <span class="label label-default">oval:ssg-test_auditd_data_retention_space_left_action:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/audit/auditd.conf</td><td>space_left_action = email</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_journald_compress" id="rule-detail-id34419"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure journald is configured to compress large log filesxccdf_org.ssgproject.content_rule_journald_compress mediumCCE-91377-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure journald is configured to compress large log files</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_journald_compress</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-journald_compress:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91377-2">CCE-91377-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.2.2.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The journald system can compress large log files to avoid fill the system disk.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Log files that are not properly compressed run the risk of growing so large that they fill up the log partition. Valuable logging information could be lost if the log partition becomes full.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">tests the value of Compress setting in the /etc/systemd/journald.conf file</span>Â 
        <span class="label label-default">oval:ssg-test_journald_compress:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/systemd/journald.conf</td><td>Compress=yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_journald_storage" id="rule-detail-id34420"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure journald is configured to write log files to persistent diskxccdf_org.ssgproject.content_rule_journald_storage mediumCCE-91378-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure journald is configured to write log files to persistent disk</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_journald_storage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-journald_storage:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91378-0">CCE-91378-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/benchmark/suse_linux/">4.2.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description">The journald system may store log files in volatile memory or locally on disk.
If the logs are only stored in volatile memory they will we lost upon reboot.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Log files contain valuable data and need to be persistent to aid in possible investigations.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">tests the value of Storage setting in the /etc/systemd/journald.conf file</span>Â 
        <span class="label label-default">oval:ssg-test_journald_storage:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/systemd/journald.conf</td><td>Storage=persistent</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled" id="rule-detail-id34421"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable DCCP Supportxccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled mediumCCE-91241-0 </div><div class="panel-heading"><h3 class="panel-title">Disable DCCP Support</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_dccp_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91241-0">CCE-91241-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-1.4.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">1.4.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000096-GPOS-00050</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.4.1</a></p></td></tr><tr><td>Description</td><td><div class="description">The Datagram Congestion Control Protocol (DCCP) is a
relatively new transport layer protocol, designed to support
streaming media and telephony.

To configure the system to prevent the <code>dccp</code>
kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/dccp.conf</code>:
<pre>install dccp /bin/true</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disabling DCCP protects
the system against exploitation of any flaws in its implementation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module dccp blacklisted</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_dccp_blacklisted:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/dccp.conf</td><td>blacklist dccp</td></tr></tbody></table><h4><span class="label label-primary">kernel module dccp disabled</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_dccp_disabled:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/dccp.conf</td><td>install dccp /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module dccp disabled in /etc/modprobe.conf</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_dccp_modprobeconf:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of dccp">oval:ssg-obj_kernmod_dccp_modprobeconf:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+dccp\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" id="rule-detail-id34422"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SCTP Supportxccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled mediumCCE-91242-8 </div><div class="panel-heading"><h3 class="panel-title">Disable SCTP Support</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_sctp_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91242-8">CCE-91242-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000381</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-1.4.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">1.4.2</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000095-GPOS-00049</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.4.2</a></p></td></tr><tr><td>Description</td><td><div class="description">The Stream Control Transmission Protocol (SCTP) is a
transport layer protocol, designed to support the idea of
message-oriented communication, with several streams of messages
within one connection.

To configure the system to prevent the <code>sctp</code>
kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/sctp.conf</code>:
<pre>install sctp /bin/true</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disabling SCTP protects
the system against exploitation of any flaws in its implementation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module sctp blacklisted</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_sctp_blacklisted:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/sctp.conf</td><td>blacklist sctp</td></tr></tbody></table><h4><span class="label label-primary">kernel module sctp disabled</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_sctp_disabled:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/sctp.conf</td><td>install sctp /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module sctp disabled in /etc/modprobe.conf</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_sctp_modprobeconf:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of sctp">oval:ssg-obj_kernmod_sctp_modprobeconf:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+sctp\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_etc_security_opasswd" id="rule-detail-id34423"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions and Ownership of Old Passwords Filexccdf_org.ssgproject.content_rule_file_etc_security_opasswd mediumCCE-85572-6 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions and Ownership of Old Passwords File</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_etc_security_opasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_etc_security_opasswd:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85572-6">CCE-85572-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000200</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000077-GPOS-00045</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020240</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234893r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"> To properly set the owner of <code>/etc/security/opasswd</code>, run the command: <pre>$ sudo chown root /etc/security/opasswd </pre>
To properly set the group owner of <code>/etc/security/opasswd</code>, run the command: <pre>$ sudo chgrp root /etc/security/opasswd</pre>
To properly set the permissions of <code>/etc/security/opasswd</code>, run the command: <pre>$ sudo chmod 0600 /etc/security/opasswd</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The <code>/etc/security/opasswd</code> file stores old passwords to prevent
password reuse. Protection of this file is critical for system security.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">/etc/security/opasswd is owned by root:root / 0600</span>Â 
        <span class="label label-default">oval:ssg-test_file_etc_security_opasswd:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td>/etc/security/opasswd</td><td>regular</td><td>0</td><td>0</td><td>239</td><td><code>rw-------Â </code></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" id="rule-detail-id34424"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions on shadow Filexccdf_org.ssgproject.content_rule_file_permissions_etc_shadow mediumCCE-85804-3 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on shadow File</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_etc_shadow:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85804-3">CCE-85804-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R36)</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002223</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.7.c</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">7.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">6.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the permissions of <code>/etc/shadow</code>, run the command:
<pre>$ sudo chmod 0640 /etc/shadow</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">The <code>/etc/shadow</code> file contains the list of local
system accounts and stores password hashes. Protection of this file is
critical for system security. Failure to give ownership of this file
to root provides the designated owner with access to sensitive information
which could weaken the system security posture.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/shadow</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_etc_shadow_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/shadow">oval:ssg-object_file_permissions_etc_shadow_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>oval:ssg-exclude_symlinks__etc_shadow:ste:1</td><td>oval:ssg-state_file_permissions_etc_shadow_0_mode_0640or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs" id="rule-detail-id34425"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify that system commands files are group owned by root or a system accountxccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs mediumCCE-85742-5 </div><div class="panel-heading"><h3 class="panel-title">Verify that system commands files are group owned by root or a system account</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_groupownership_system_commands_dirs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85742-5">CCE-85742-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-001499</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(6).1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000259-GPOS-00100</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010361</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234844r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">System commands files are stored in the following directories by default:
<pre>/bin
/sbin
/usr/bin
/usr/sbin
/usr/local/bin
/usr/local/sbin
</pre>
All files in these directories should be owned by the <code>root</code> group,
or a system account.
If the directory, or any file in these directories, is found to be owned
by a group other than root or a a system account correct its ownership
with the following command:
<pre>$ sudo chgrp root <i>FILE</i></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">If the operating system allows any user to make changes to software
libraries, then those changes might be implemented without undergoing the
appropriate testing and approvals that are part of a robust change management
process.
This requirement applies to operating systems with software libraries
that are accessible and configurable, as in the case of interpreted languages.
Software libraries also include privileged programs which execute with
escalated privileges. Only qualified and authorized individuals must be
allowed to obtain access to information system components for purposes
of initiating changes, including upgrades and modifications.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">system commands are owned by root or a system account</span>Â 
        <span class="label label-default">oval:ssg-test_groupownership_system_commands_dirs:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="system commands files">oval:ssg-object_groupownership_system_commands_dirs:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th></tr></thead><tbody><tr><td>^\/s?bin|^\/usr\/s?bin|^\/usr\/local\/s?bin</td><td>^.*$</td><td>oval:ssg-state_groupowner_system_commands_dirs_not_root_or_system_account:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled" id="rule-detail-id34426"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Mounting of squashfsxccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled lowCCE-92452-2 </div><div class="panel-heading"><h3 class="panel-title">Disable Mounting of squashfs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_squashfs_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-92452-2">CCE-92452-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.1.1.1</a></p></td></tr><tr><td>Description</td><td><div class="description">
To configure the system to prevent the <code>squashfs</code>
kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/squashfs.conf</code>:
<pre>install squashfs /bin/true</pre>

This effectively prevents usage of this uncommon filesystem.

The <code>squashfs</code> filesystem type is a compressed read-only Linux
filesystem embedded in small footprint systems (similar to
<code>cramfs</code>). A <code>squashfs</code> image can be used without having
to first decompress the image.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Removing support for unneeded filesystem types reduces the local attack
surface of the system.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module squashfs blacklisted</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_squashfs_blacklisted:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/squashfs.conf</td><td>blacklist squashfs</td></tr></tbody></table><h4><span class="label label-primary">kernel module squashfs disabled</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_squashfs_disabled:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/squashfs.conf</td><td>install squashfs /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module squashfs disabled in /etc/modprobe.conf</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_squashfs_modprobeconf:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of squashfs">oval:ssg-obj_kernmod_squashfs_modprobeconf:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+squashfs\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled" id="rule-detail-id34427"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Mounting of udfxccdf_org.ssgproject.content_rule_kernel_module_udf_disabled lowCCE-92453-0 </div><div class="panel-heading"><h3 class="panel-title">Disable Mounting of udf</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_udf_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-92453-0">CCE-92453-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.1.1.2</a></p></td></tr><tr><td>Description</td><td><div class="description">
To configure the system to prevent the <code>udf</code>
kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/udf.conf</code>:
<pre>install udf /bin/true</pre>

This effectively prevents usage of this uncommon filesystem.

The <code>udf</code> filesystem type is the universal disk format
used to implement the ISO/IEC 13346 and ECMA-167 specifications.
This is an open vendor filesystem type for data storage on a broad
range of media. This filesystem type is neccessary to support
writing DVDs and newer optical disc formats.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Removing support for unneeded filesystem types reduces the local
attack surface of the system.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module udf blacklisted</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_udf_blacklisted:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/udf.conf</td><td>blacklist udf</td></tr></tbody></table><h4><span class="label label-primary">kernel module udf disabled</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_udf_disabled:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/udf.conf</td><td>install udf /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module udf disabled in /etc/modprobe.conf</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_udf_modprobeconf:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of udf">oval:ssg-obj_kernmod_udf_modprobeconf:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+udf\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled" id="rule-detail-id34428"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Modprobe Loading of USB Storage Driverxccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled mediumCCE-83294-9 </div><div class="panel-heading"><h3 class="panel-title">Disable Modprobe Loading of USB Storage Driver</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-kernel_module_usb-storage_disabled:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83294-9">CCE-83294-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.21</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010480</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.1.23</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234856r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To prevent USB storage devices from being used, configure the kernel module loading system
to prevent automatic loading of the USB storage driver.

To configure the system to prevent the <code>usb-storage</code>
kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/usb-storage.conf</code>:
<pre>install usb-storage /bin/true</pre>

This will prevent the <code>modprobe</code> program from loading the <code>usb-storage</code>
module, but will not prevent an administrator (or another program) from using the
<code>insmod</code> program to load the module manually.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">USB storage devices such as thumb drives can be used to introduce
malicious software.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel module usb-storage blacklisted</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_usb-storage_blacklisted:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/usb-storage.conf</td><td>blacklist usb-storage</td></tr></tbody></table><h4><span class="label label-primary">kernel module usb-storage disabled</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_usb-storage_disabled:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/modprobe.d/usb-storage.conf</td><td>install usb-storage /bin/true</td></tr></tbody></table><h4><span class="label label-primary">kernel module usb-storage disabled in /etc/modprobe.conf</span>Â 
        <span class="label label-default">oval:ssg-test_kernmod_usb-storage_modprobeconf:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check deprecated /etc/modprobe.conf for disablement of usb-storage">oval:ssg-obj_kernmod_usb-storage_modprobeconf:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/modprobe.conf</td><td>^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_users_coredumps" id="rule-detail-id34429"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Core Dumps for All Usersxccdf_org.ssgproject.content_rule_disable_users_coredumps mediumCCE-85740-9 </div><div class="panel-heading"><h3 class="panel-title">Disable Core Dumps for All Users</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_users_coredumps</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-disable_users_coredumps:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85740-9">CCE-85740-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">3.3.1.1</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">3.3.1.2</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">3.3.1.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">1.6.1</a></p></td></tr><tr><td>Description</td><td><div class="description">To disable core dumps for all users, add the following line to
<code>/etc/security/limits.conf</code>, or to a file within the
<code>/etc/security/limits.d/</code> directory:
<pre>*     hard   core    0</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">A core dump includes a memory image taken at the time the operating system
terminates an application. The memory image could contain sensitive data and is generally useful
only for developers trying to debug problems.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Tests the value of the ^[\s]*\*[\s]+(hard|-)[\s]+core[\s]+([\d]+) setting in the /etc/security/limits.d directory</span>Â 
        <span class="label label-default">oval:ssg-test_core_dumps_limits_d:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_core_dumps_limits_d:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/security/limits.d</td><td>^.*\.conf$</td><td>^[\s]*\*[\s]+(?:hard|-)[\s]+core[\s]+([\d]+)</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Tests for existance of the ^[\s]*\*[\s]+(hard|-)[\s]+core setting in the /etc/security/limits.d directory</span>Â 
        <span class="label label-default">oval:ssg-test_core_dumps_limits_d_exists:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_core_dumps_limits_d_exists:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/security/limits.d</td><td>^.*\.conf$</td><td>^[\s]*\*[\s]+(?:hard|-)[\s]+core</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Tests the value of the ^[\s]*\*[\s]+(hard|-)[\s]+core[\s]+([\d]+) setting in the /etc/security/limits.conf file</span>Â 
        <span class="label label-default">oval:ssg-test_core_dumps_limitsconf:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/security/limits.conf</td><td>*     hard   core    0</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_d" id="rule-detail-id34430"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions on cron.dxccdf_org.ssgproject.content_rule_file_permissions_cron_d mediumCCE-91304-6 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.d</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_d</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_d:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91304-6">CCE-91304-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.7</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the permissions of <code>/etc/cron.d</code>, run the command:
<pre>$ sudo chmod 0700 /etc/cron.d</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.d/</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_cron_d_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.d/">oval:ssg-object_file_permissions_cron_d_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.d</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_d:ste:1</td><td>oval:ssg-state_file_permissions_cron_d_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_daily" id="rule-detail-id34431"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions on cron.dailyxccdf_org.ssgproject.content_rule_file_permissions_cron_daily mediumCCE-91301-2 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.daily</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_daily</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_daily:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91301-2">CCE-91301-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.4</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the permissions of <code>/etc/cron.daily</code>, run the command:
<pre>$ sudo chmod 0700 /etc/cron.daily</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.daily/</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_cron_daily_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.daily/">oval:ssg-object_file_permissions_cron_daily_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.daily</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_daily:ste:1</td><td>oval:ssg-state_file_permissions_cron_daily_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly" id="rule-detail-id34432"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions on cron.hourlyxccdf_org.ssgproject.content_rule_file_permissions_cron_hourly mediumCCE-91300-4 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.hourly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_hourly</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_hourly:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91300-4">CCE-91300-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the permissions of <code>/etc/cron.hourly</code>, run the command:
<pre>$ sudo chmod 0700 /etc/cron.hourly</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.hourly/</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_cron_hourly_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.hourly/">oval:ssg-object_file_permissions_cron_hourly_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.hourly</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_hourly:ste:1</td><td>oval:ssg-state_file_permissions_cron_hourly_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly" id="rule-detail-id34433"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions on cron.monthlyxccdf_org.ssgproject.content_rule_file_permissions_cron_monthly mediumCCE-91303-8 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.monthly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_monthly</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_monthly:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91303-8">CCE-91303-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.6</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the permissions of <code>/etc/cron.monthly</code>, run the command:
<pre>$ sudo chmod 0700 /etc/cron.monthly</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.monthly/</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_cron_monthly_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.monthly/">oval:ssg-object_file_permissions_cron_monthly_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.monthly</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_monthly:ste:1</td><td>oval:ssg-state_file_permissions_cron_monthly_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly" id="rule-detail-id34434"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions on cron.weeklyxccdf_org.ssgproject.content_rule_file_permissions_cron_weekly mediumCCE-91302-0 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on cron.weekly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_cron_weekly</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_cron_weekly:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91302-0">CCE-91302-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.1.5</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the permissions of <code>/etc/cron.weekly</code>, run the command:
<pre>$ sudo chmod 0700 /etc/cron.weekly</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective services that if configured incorrectly
can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the
correct access rights to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/cron.weekly/</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_cron_weekly_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/cron.weekly/">oval:ssg-object_file_permissions_cron_weekly_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/cron.weekly</td><td>no value</td><td>oval:ssg-exclude_symlinks__cron_weekly:ste:1</td><td>oval:ssg-state_file_permissions_cron_weekly_0_mode_0700or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user" id="rule-detail-id34435"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure that chronyd is running under chrony user accountxccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user mediumCCE-91360-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure that chronyd is running under chrony user account</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_chronyd_run_as_chrony_user</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-chronyd_run_as_chrony_user:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91360-8">CCE-91360-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/benchmark/suse_linux/">2.2.1.3</a></p></td></tr><tr><td>Description</td><td><div class="description">chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to
synchronize system clocks across a variety of systems and use a source that is highly
accurate. More information on chrony can be found at

    <a href="http://chrony.tuxfamily.org/">http://chrony.tuxfamily.org/</a>.
Chrony can be configured to be a client and/or a server.
To ensure that chronyd is running under chrony user account,
add or edit the
<code>OPTIONS</code> variable in <code>/etc/sysconfig/chronyd</code> to include <code>-u chrony</code>:
<pre>OPTIONS="-u chrony"</pre>

This recommendation only applies if chrony is in use on the system.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">If chrony is in use on the system proper configuration is vital to ensuring time synchronization
is working properly.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">tests the value of OPTIONS setting in the /etc/sysconfig/chronyd file</span>Â 
        <span class="label label-default">oval:ssg-test_chronyd_run_as_chrony_user:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/sysconfig/chronyd</td><td>OPTIONS=" -u chrony"</td></tr></tbody></table><h4><span class="label label-primary">The configuration file /etc/sysconfig/chronyd exists for chronyd_run_as_chrony_user</span>Â 
        <span class="label label-default">oval:ssg-test_chronyd_run_as_chrony_user_config_file_exists:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td>/etc/sysconfig/chronyd</td><td>regular</td><td>0</td><td>0</td><td>195</td><td><code>rw-r--r--Â </code></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0" id="rule-detail-id34436"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set SSH Client Alive Count Max to zeroxccdf_org.ssgproject.content_rule_sshd_set_keepalive_0 mediumCCE-83284-0 </div><div class="panel-heading"><h3 class="panel-title">Set SSH Client Alive Count Max to zero</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_keepalive_0:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83284-0">CCE-83284-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002361</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.8</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.2.8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000126-GPOS-00066</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000163-GPOS-00072</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000279-GPOS-00109</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010320</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234830r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The SSH server sends at most <code>ClientAliveCountMax</code> messages
during a SSH session and waits for a response from the SSH client.
The option <code>ClientAliveInterval</code> configures timeout after
each <code>ClientAliveCountMax</code> message. If the SSH server does not
receive a response from the client, then the connection is considered unresponsive
and terminated.

To ensure the SSH timeout occurs precisely when the
<code>ClientAliveInterval</code> is set, set the <code>ClientAliveCountMax</code> to
value of <code>0</code> in


<code>/etc/ssh/sshd_config</code>:</div></td></tr><tr><td>Rationale</td><td><div class="rationale">This ensures a user login will be terminated as soon as the <code>ClientAliveInterval</code>
is reached.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of ClientAliveCountMax setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_set_keepalive_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveCountMax 0</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of ClientAliveCountMax is present</span>Â 
        <span class="label label-default">oval:ssg-test_ClientAliveCountMax_present_sshd_set_keepalive_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveCountMax 0</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" id="rule-detail-id34437"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set SSH Client Alive Intervalxccdf_org.ssgproject.content_rule_sshd_set_idle_timeout mediumCCE-83281-6 </div><div class="panel-heading"><h3 class="panel-title">Set SSH Client Alive Interval</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_idle_timeout:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83281-6">CCE-83281-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R29)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002361</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.5</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.1.8</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">8.2.8</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000126-GPOS-00066</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000163-GPOS-00072</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000279-GPOS-00109</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000395-GPOS-00175</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010280</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234827r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">SSH allows administrators to set a network responsiveness timeout interval.
After this interval has passed, the unresponsive client will be automatically logged out.
<br><br>
To set this timeout interval, edit the following line in <code>/etc/ssh/sshd_config</code> as
follows:
<pre>ClientAliveInterval <b><abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_idle_timeout_value">600</abbr></b></pre>
<br><br>
The timeout <b>interval</b> is given in seconds. For example, have a timeout
of 10 minutes, set <b>interval</b> to 600.
<br><br>
If a shorter timeout has already been set for the login shell, that value will
preempt any SSH setting made in <code>/etc/ssh/sshd_config</code>. Keep in mind that
some processes may stop SSH from correctly detecting that the user is idle.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Terminating an idle ssh session within a short time period reduces the window of
opportunity for unauthorized personnel to take control of a management session
enabled on the console or console port that has been let unattended.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                SSH disconnecting unresponsive clients will not have desired effect without also
configuring ClientAliveCountMax in the SSH service configuration.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                Following conditions may prevent the SSH session to time out:
<ul><li>Remote processes on the remote machine generates output. As the output has to be transferred over the network to the client, the timeout is reset every time such transfer happens.</li><li>Any <code>scp</code> or <code>sftp</code> activity by the same user to the host resets the timeout.</li></ul></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">timeout is configured</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_idle_timeout:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveInterval 600</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Check the value of ClientAliveCountMax setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_set_keepalive_clientalivecountmax:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>ClientAliveCountMax 0</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_root_login" id="rule-detail-id34438"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Root Loginxccdf_org.ssgproject.content_rule_sshd_disable_root_login mediumCCE-85557-7 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Root Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_root_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_root_login:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85557-7">CCE-85557-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT007(R21)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000770</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-2.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000109-GPOS-00056</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000148-CTR-000335</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">SRG-APP-000190-CTR-000500</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-020040</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.10</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234870r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The root user should never be allowed to login to a
system directly over a network.
To disable root login via SSH, add or correct the following line in


<code>/etc/ssh/sshd_config</code>:

<pre>PermitRootLogin no</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Even though the communications channel may be encrypted, an additional layer of
security is gained by extending the policy of not logging directly on as root.
In addition, logging in with a user-specific account provides individual
accountability of actions performed on the system and also helps to minimize
direct attack attempts on root's password.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34457" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34457"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Disable SSH Root Login
  block:

  - name: Check for duplicate values
    lineinfile:
      path: /etc/ssh/sshd_config
      create: false
      regexp: (?i)^\s*PermitRootLogin\s+
      state: absent
    check_mode: true
    changed_when: false
    register: dupes

  - name: Deduplicate values from /etc/ssh/sshd_config
    lineinfile:
      path: /etc/ssh/sshd_config
      create: false
      regexp: (?i)^\s*PermitRootLogin\s+
      state: absent
    when: dupes.found is defined and dupes.found &gt; 1

  - name: Insert correct line to /etc/ssh/sshd_config
    lineinfile:
      path: /etc/ssh/sshd_config
      create: true
      regexp: (?i)^\s*PermitRootLogin\s+
      line: PermitRootLogin no
      state: present
      insertbefore: ^[#\s]*Match
      validate: /usr/sbin/sshd -t -f %s
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - CCE-85557-7
  - CJIS-5.5.6
  - DISA-STIG-SLES-15-020040
  - NIST-800-171-3.1.1
  - NIST-800-171-3.1.5
  - NIST-800-53-AC-17(a)
  - NIST-800-53-AC-6(2)
  - NIST-800-53-CM-6(a)
  - NIST-800-53-CM-7(a)
  - NIST-800-53-CM-7(b)
  - NIST-800-53-IA-2
  - NIST-800-53-IA-2(5)
  - PCI-DSS-Req-2.2.4
  - PCI-DSSv4-2.2.6
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy
  - sshd_disable_root_login
</code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34458" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34458"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code># Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then

if [ -e "/etc/ssh/sshd_config" ] ; then
    
    LC_ALL=C sed -i "/^\s*PermitRootLogin\s\+/Id" "/etc/ssh/sshd_config"
else
    touch "/etc/ssh/sshd_config"
fi
# make sure file has newline at the end
sed -i -e '$a\' "/etc/ssh/sshd_config"

cp "/etc/ssh/sshd_config" "/etc/ssh/sshd_config.bak"
# Insert before the line matching the regex '^Match'.
line_number="$(LC_ALL=C grep -n "^Match" "/etc/ssh/sshd_config.bak" | LC_ALL=C sed 's/:.*//g')"
if [ -z "$line_number" ]; then
    # There was no match of '^Match', insert at
    # the end of the file.
    printf '%s\n' "PermitRootLogin no" &gt;&gt; "/etc/ssh/sshd_config"
else
    head -n "$(( line_number - 1 ))" "/etc/ssh/sshd_config.bak" &gt; "/etc/ssh/sshd_config"
    printf '%s\n' "PermitRootLogin no" &gt;&gt; "/etc/ssh/sshd_config"
    tail -n "+$(( line_number ))" "/etc/ssh/sshd_config.bak" &gt;&gt; "/etc/ssh/sshd_config"
fi
# Clean up after ourselves.
rm "/etc/ssh/sshd_config.bak"

else
    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
fi
</code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of PermitRootLogin setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_disable_root_login:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>PermitRootLogin prohibit-password</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of PermitRootLogin is present</span>Â 
        <span class="label label-default">oval:ssg-test_PermitRootLogin_present_sshd_disable_root_login:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>PermitRootLogin prohibit-password</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding" id="rule-detail-id34439"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH TCP Forwardingxccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding mediumCCE-91334-3 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH TCP Forwarding</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_tcp_forwarding:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91334-3">CCE-91334-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.20</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>AllowTcpForwarding</code> parameter specifies whether TCP forwarding is permitted.
To disable TCP forwarding, add or correct the following line in


<code>/etc/ssh/sshd_config</code>:

<pre>AllowTcpForwarding no</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Leaving port forwarding enabled can expose the organization to security risks and back-doors.</div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34459" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet â²</a><br><div class="panel-collapse collapse" id="id34459"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Disable SSH TCP Forwarding
  block:

  - name: Check for duplicate values
    lineinfile:
      path: /etc/ssh/sshd_config
      create: false
      regexp: (?i)^\s*AllowTcpForwarding\s+
      state: absent
    check_mode: true
    changed_when: false
    register: dupes

  - name: Deduplicate values from /etc/ssh/sshd_config
    lineinfile:
      path: /etc/ssh/sshd_config
      create: false
      regexp: (?i)^\s*AllowTcpForwarding\s+
      state: absent
    when: dupes.found is defined and dupes.found &gt; 1

  - name: Insert correct line to /etc/ssh/sshd_config
    lineinfile:
      path: /etc/ssh/sshd_config
      create: true
      regexp: (?i)^\s*AllowTcpForwarding\s+
      line: AllowTcpForwarding no
      state: present
      insertbefore: ^[#\s]*Match
      validate: /usr/sbin/sshd -t -f %s
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - CCE-91334-3
  - PCI-DSSv4-2.2.6
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy
  - sshd_disable_tcp_forwarding
</code></pre></div></div></td></tr><tr class="noprint"><td colspan="2"><div class="remediation"><a class="btn btn-success" data-toggle="collapse" data-target="#id34460" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script â²</a><br><div class="panel-collapse collapse" id="id34460"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>false</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code># Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then

if [ -e "/etc/ssh/sshd_config" ] ; then
    
    LC_ALL=C sed -i "/^\s*AllowTcpForwarding\s\+/Id" "/etc/ssh/sshd_config"
else
    touch "/etc/ssh/sshd_config"
fi
# make sure file has newline at the end
sed -i -e '$a\' "/etc/ssh/sshd_config"

cp "/etc/ssh/sshd_config" "/etc/ssh/sshd_config.bak"
# Insert before the line matching the regex '^Match'.
line_number="$(LC_ALL=C grep -n "^Match" "/etc/ssh/sshd_config.bak" | LC_ALL=C sed 's/:.*//g')"
if [ -z "$line_number" ]; then
    # There was no match of '^Match', insert at
    # the end of the file.
    printf '%s\n' "AllowTcpForwarding no" &gt;&gt; "/etc/ssh/sshd_config"
else
    head -n "$(( line_number - 1 ))" "/etc/ssh/sshd_config.bak" &gt; "/etc/ssh/sshd_config"
    printf '%s\n' "AllowTcpForwarding no" &gt;&gt; "/etc/ssh/sshd_config"
    tail -n "+$(( line_number ))" "/etc/ssh/sshd_config.bak" &gt;&gt; "/etc/ssh/sshd_config"
fi
# Clean up after ourselves.
rm "/etc/ssh/sshd_config.bak"

else
    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
fi
</code></pre></div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of AllowTcpForwarding setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_disable_tcp_forwarding:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>AllowTcpForwarding yes</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of AllowTcpForwarding is present</span>Â 
        <span class="label label-default">oval:ssg-test_AllowTcpForwarding_present_sshd_disable_tcp_forwarding:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>AllowTcpForwarding yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-detail-id34440"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Support for User Known Hostsxccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts mediumCCE-85642-7 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for User Known Hosts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_user_known_hosts:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85642-7">CCE-85642-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-235007r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">SSH can allow system users to connect to systems if a cache of the remote
systems public keys is available.  This should be disabled.
<br><br>
To ensure this behavior is disabled, add or correct the following line in


<code>/etc/ssh/sshd_config</code>:

<pre>IgnoreUserKnownHosts yes</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Configuring this setting for the SSH daemon provides additional
assurance that remote login via SSH will require a password, even
in the event of misconfiguration elsewhere.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of IgnoreUserKnownHosts setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_disable_user_known_hosts:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>IgnoreUserKnownHosts yes</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of IgnoreUserKnownHosts is present</span>Â 
        <span class="label label-default">oval:ssg-test_IgnoreUserKnownHosts_present_sshd_disable_user_known_hosts:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>IgnoreUserKnownHosts yes</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding" id="rule-detail-id34441"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable X11 Forwardingxccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding mediumCCE-85707-8 </div><div class="panel-heading"><h3 class="panel-title">Disable X11 Forwarding</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_x11_forwarding:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-85707-8">CCE-85707-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.4</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-040290</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.6</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-235013r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The X11Forwarding parameter provides the ability to tunnel X11 traffic
through the connection to enable remote graphic connections.
SSH has the capability to encrypt remote X11 connections when SSH's
<code>X11Forwarding</code> option is enabled.
<br>
The default SSH configuration disables X11Forwarding. The appropriate
configuration is used if no value is set for <code>X11Forwarding</code>.
<br>
To explicitly disable X11 Forwarding, add or correct the following line in


<code>/etc/ssh/sshd_config</code>:

<pre>X11Forwarding no</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Disable X11 forwarding unless there is an operational requirement to use X11
applications directly. There is a small risk that the remote X11 servers of
users who are logged in via SSH with X11 forwarding could be compromised by
other users on the X11 server. Note that even if X11 forwarding is disabled,
users can always install their own forwarders.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of X11Forwarding setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_disable_x11_forwarding:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>X11Forwarding no</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of X11Forwarding is present</span>Â 
        <span class="label label-default">oval:ssg-test_X11Forwarding_present_sshd_disable_x11_forwarding:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>X11Forwarding no</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-detail-id34442"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable SSH Warning Bannerxccdf_org.ssgproject.content_rule_sshd_enable_warning_banner mediumCCE-83263-4 </div><div class="panel-heading"><h3 class="panel-title">Enable SSH Warning Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_enable_warning_banner:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83263-4">CCE-83263-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000048</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000050</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001384</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001385</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001386</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001387</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001388</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTA_TAB.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-2.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000023-GPOS-00006</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000228-GPOS-00088</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010040</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.18</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234805r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">To enable the warning banner and ensure it is consistent
across the system, add or correct the following line in


<code>/etc/ssh/sshd_config</code>:

<pre>Banner /etc/issue</pre>
Another section contains information on how to create an
appropriate system-wide warning banner.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The warning message reinforces policy awareness during the logon process and
facilitates possible legal action against attackers. Alternatively, systems
whose ownership should not be obvious should ensure usage of a banner that does
not provide easy attribution.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of Banner setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_enable_warning_banner:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>Banner /etc/issue</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of Banner is present</span>Â 
        <span class="label label-default">oval:ssg-test_Banner_present_sshd_enable_warning_banner:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>Banner /etc/issue</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time" id="rule-detail-id34443"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure SSH LoginGraceTime is configuredxccdf_org.ssgproject.content_rule_sshd_set_login_grace_time mediumCCE-91397-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure SSH LoginGraceTime is configured</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_login_grace_time:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91397-0">CCE-91397-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.17</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>LoginGraceTime</code> parameter to the SSH server specifies the time allowed for successful authentication to
the SSH server. The longer the Grace period is the more open unauthenticated connections
can exist. Like other session controls in this session the Grace Period should be limited to
appropriate limits to ensure the service is available for needed access.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Setting the <code>LoginGraceTime</code> parameter to a low number will minimize the risk of successful
brute force attacks to the SSH server. It will also limit the number of concurrent
unauthenticated connections.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">LoginGraceTime is configured</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_login_grace_time:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>LoginGraceTime 60</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose" id="rule-detail-id34444"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set SSH Daemon LogLevel to VERBOSExccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose mediumCCE-83270-9 </div><div class="panel-heading"><h3 class="panel-title">Set SSH Daemon LogLevel to VERBOSE</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_loglevel_verbose:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83270-9">CCE-83270-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000067</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-2.2.4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000032-GPOS-00013</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010150</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.5</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234815r622137_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>VERBOSE</code> parameter configures the SSH daemon to record login and logout activity.
To specify the log level in
SSH, add or correct the following line in


<code>/etc/ssh/sshd_config</code>:

<pre>LogLevel VERBOSE</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">SSH provides several logging levels with varying amounts of verbosity. <code>DEBUG</code> is specifically
not recommended other than strictly for debugging SSH communications since it provides
so much data that it is difficult to identify important security information. <code>INFO</code> or
<code>VERBOSE</code> level is the basic level that only records login activity of SSH users. In many
situations, such as Incident Response, it is important to determine when a particular user was active
on a system. The logout record can eliminate those users who disconnected, which helps narrow the
field.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of LogLevel setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_set_loglevel_verbose:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>LogLevel VERBOSE</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of LogLevel is present</span>Â 
        <span class="label label-default">oval:ssg-test_LogLevel_present_sshd_set_loglevel_verbose:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>LogLevel VERBOSE</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries" id="rule-detail-id34445"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set SSH authentication attempt limitxccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries mediumCCE-91332-7 </div><div class="panel-heading"><h3 class="panel-title">Set SSH authentication attempt limit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_max_auth_tries:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91332-7">CCE-91332-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0421</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0422</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0431</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">0974</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1173</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1401</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1504</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1505</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1546</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1557</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1558</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1559</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1560</a>, <a href="https://www.cyber.gov.au/acsc/view-all-content/ism">1561</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.7</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>MaxAuthTries</code> parameter specifies the maximum number of authentication attempts
permitted per connection. Once the number of failures reaches half this value, additional failures are logged.
to set MaxAUthTries edit <code>/etc/ssh/sshd_config</code> as follows:
<pre>MaxAuthTries <abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_max_auth_tries_value">4</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Setting the MaxAuthTries parameter to a low number will minimize the risk of successful
brute force attacks to the SSH server.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">maxauthtries is configured</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_max_auth_tries:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxAuthTries 4</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_max_sessions" id="rule-detail-id34446"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set SSH MaxSessions limitxccdf_org.ssgproject.content_rule_sshd_set_max_sessions mediumCCE-91309-5 </div><div class="panel-heading"><h3 class="panel-title">Set SSH MaxSessions limit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_max_sessions</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_max_sessions:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91309-5">CCE-91309-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.22</a></p></td></tr><tr><td>Description</td><td><div class="description">The <code>MaxSessions</code> parameter specifies the maximum number of open sessions permitted
from a given connection. To set MaxSessions edit
<code>/etc/ssh/sshd_config</code> as follows: <pre>MaxSessions <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_sshd_max_sessions">10</abbr></pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">To protect a system from denial of service due to a large number of concurrent
sessions, use the rate limiting function of MaxSessions to protect availability
of sshd logins and prevent overwhelming the daemon.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">maxsessions is configured</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_max_sessions:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxSessions 10</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_set_maxstartups" id="rule-detail-id34447"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure SSH MaxStartups is configuredxccdf_org.ssgproject.content_rule_sshd_set_maxstartups mediumCCE-91308-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure SSH MaxStartups is configured</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_set_maxstartups</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_set_maxstartups:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91308-7">CCE-91308-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.21</a></p></td></tr><tr><td>Description</td><td><div class="description">The MaxStartups parameter specifies the maximum number of concurrent
unauthenticated connections to the SSH daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime expires for a
connection. To confgure MaxStartups, you should add or correct the following
line in the
<code>/etc/ssh/sshd_config</code> file:
<pre>MaxStartups <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_sshd_set_maxstartups">10:30:100</abbr></pre>
CIS recommends a MaxStartups value of '10:30:60', or more restrictive where
dictated by site policy.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">To protect a system from denial of service due to a large number of pending
authentication connection attempts, use the rate limiting function of MaxStartups
to protect availability of sshd logins and prevent overwhelming the daemon.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SSH MaxStartups start parameter is less than or equal to 10</span>Â 
        <span class="label label-default">oval:ssg-tst_maxstartups_start_parameter:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxStartups 10:30:100</td></tr></tbody></table><h4><span class="label label-primary">SSH MaxStartups rate parameter is greater than or equal to 30</span>Â 
        <span class="label label-default">oval:ssg-tst_maxstartups_rate_parameter:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxStartups 10:30:100</td></tr></tbody></table><h4><span class="label label-primary">SSH MaxStartups full parameter is less than or equal to 100</span>Â 
        <span class="label label-default">oval:ssg-tst_maxstartups_full_parameter:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MaxStartups 10:30:100</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers" id="rule-detail-id34448"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Use Only FIPS 140-2 Validated Ciphersxccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers mediumCCE-91337-6 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated Ciphers</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_ciphers:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91337-6">CCE-91337-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002890</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(b)(2)(i)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(3)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000033-GPOS-00014</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000393-GPOS-00173</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010160</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.13</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234816r744125_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the ciphers to those algorithms which are FIPS-approved.
Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode.
The following line in <code>/etc/ssh/sshd_config</code>
demonstrates use of FIPS-approved ciphers:
<pre>Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc</pre>
The man page <code>sshd_config(5)</code> contains a list of supported ciphers.

The rule is parametrized to use the following ciphers: <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_approved_ciphers">aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore
cannot be relied upon to provide confidentiality or integrity, and system data may be compromised.
<br>
Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to
cryptographic modules.
<br>
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules
utilize authentication that meets industry and government requirements. For government systems, this allows
Security Levels 1, 2, 3, or 4 for use on SUSE Linux Enterprise 15.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                System Crypto Modules must be provided by a vendor that undergoes
FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use
cryptographic-based security systems to protect sensitive information
in computer and telecommunication systems (including voice systems) as
defined in Section 5131 of the Information Technology Management Reform
Act of 1996, Public Law 104-106. This standard shall be used in
designing and implementing cryptographic modules that Federal
departments and agencies operate or are operated for them under
contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by
a vendor that has undergone this certification. This means providing
documentation, test results, design information, and independent third
party review by an accredited lab. While open source software is
capable of meeting this, it does not meet FIPS-140 unless the vendor
submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of Ciphers setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_use_approved_ciphers:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th><th>Value</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_sshd_config_ciphers:var:1</td><td>aes256-ctr</td><td>aes192-ctr</td><td>aes128-ctr</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig" id="rule-detail-id34449"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Use Only FIPS 140-2 Validated Ciphersxccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig mediumCCE-83271-7 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated Ciphers</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers_ordered_stig</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_ciphers_ordered_stig:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83271-7">CCE-83271-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002890</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000033-GPOS-00014</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000393-GPOS-00173</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010160</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234816r744125_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the ciphers to those algorithms which are FIPS-approved.
The following line in <code>/etc/ssh/sshd_config</code>
demonstrates use of FIPS-approved ciphers:
<pre>Ciphers aes256-ctr,aes192-ctr,aes128-ctr</pre>
This rule ensures that there are configured ciphers mentioned
above (or their subset), keeping the given order of algorithms.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore
cannot be relied upon to provide confidentiality or integrity, and system data may be compromised.
<br>
Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to
cryptographic modules.
<br>
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules
utilize authentication that meets industry and government requirements. For government systems, this allows
Security Levels 1, 2, 3, or 4 for use on SUSE Linux Enterprise 15.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                System Crypto Modules must be provided by a vendor that undergoes
FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use
cryptographic-based security systems to protect sensitive information
in computer and telecommunication systems (including voice systems) as
defined in Section 5131 of the Information Technology Management Reform
Act of 1996, Public Law 104-106. This standard shall be used in
designing and implementing cryptographic modules that Federal
departments and agencies operate or are operated for them under
contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by
a vendor that has undergone this certification. This means providing
documentation, test results, design information, and independent third
party review by an accredited lab. While open source software is
capable of meeting this, it does not meet FIPS-140 unless the vendor
submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of Ciphers setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_use_approved_ciphers_ordered_stig:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>Ciphers aes256-ctr,aes192-ctr,aes128-ctr
# Per CCE-91338-4: Set MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com in /etc/ssh/sshd_config</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs" id="rule-detail-id34450"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Use Only FIPS 140-2 Validated MACsxccdf_org.ssgproject.content_rule_sshd_use_approved_macs mediumCCE-91338-4 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated MACs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_macs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_macs:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91338-4">CCE-91338-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.8</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001453</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(b)(2)(i)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-13</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-12(3)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010270</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.14</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234826r744126_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the MACs to those hash algorithms which are FIPS-approved.
The following line in <code>/etc/ssh/sshd_config</code>
demonstrates use of FIPS-approved MACs:

<pre>MACs hmac-sha2-512,hmac-sha2-256</pre>

The man page <code>sshd_config(5)</code> contains a list of supported MACs.

The rule is parametrized to use the following MACs: <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_approved_macs">hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com</abbr></code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">DoD Information Systems are required to use FIPS-approved cryptographic hash
functions. The only SSHv2 hash algorithms meeting this requirement is SHA2.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                System Crypto Modules must be provided by a vendor that undergoes
FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use
cryptographic-based security systems to protect sensitive information
in computer and telecommunication systems (including voice systems) as
defined in Section 5131 of the Information Technology Management Reform
Act of 1996, Public Law 104-106. This standard shall be used in
designing and implementing cryptographic modules that Federal
departments and agencies operate or are operated for them under
contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by
a vendor that has undergone this certification. This means providing
documentation, test results, design information, and independent third
party review by an accredited lab. While open source software is
capable of meeting this, it does not meet FIPS-140 unless the vendor
submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of MACs setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_use_approved_macs:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-var_sshd_config_macs:var:1</td><td>hmac-sha2-512</td><td>hmac-sha2-256</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig" id="rule-detail-id34451"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Use Only FIPS 140-2 Validated MACsxccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig mediumCCE-83280-8 </div><div class="panel-heading"><h3 class="panel-title">Use Only FIPS 140-2 Validated MACs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_use_approved_macs_ordered_stig</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_use_approved_macs_ordered_stig:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-83280-8">CCE-83280-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://public.cyber.mil/stigs/cci/">CCI-000068</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000803</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001453</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-003123</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000125-GPOS-00065</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000250-GPOS-00093</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000394-GPOS-00174</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010270</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234826r744126_rule</a></p></td></tr><tr><td>Description</td><td><div class="description">Limit the MACs to those hash algorithms which are FIPS-approved.
The following line in <code>/etc/ssh/sshd_config</code>
demonstrates use of FIPS-approved MACs:
<pre>MACs hmac-sha2-512,hmac-sha2-256</pre>
This rule ensures that there are configured MACs mentioned
above (or their subset), keeping the given order of algorithms.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">DoD Information Systems are required to use FIPS-approved cryptographic hash
functions. The only SSHv2 hash algorithms meeting this requirement is SHA2.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â 
                                System Crypto Modules must be provided by a vendor that undergoes
FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use
cryptographic-based security systems to protect sensitive information
in computer and telecommunication systems (including voice systems) as
defined in Section 5131 of the Information Technology Management Reform
Act of 1996, Public Law 104-106. This standard shall be used in
designing and implementing cryptographic modules that Federal
departments and agencies operate or are operated for them under
contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by
a vendor that has undergone this certification. This means providing
documentation, test results, design information, and independent third
party review by an accredited lab. While open source software is
capable of meeting this, it does not meet FIPS-140 unless the vendor
submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel8:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span>Â 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span>Â 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>ID="sles"</td></tr></tbody></table><h4><span class="label label-primary">os-release is rhcos</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^ID="(\w+)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">rhcoreos is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_rhcos4:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhcos4:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)\.\d+"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span>Â 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span>Â 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span>Â 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>sles-release</td><td>x86_64</td><td>(none)</td><td>150500.43.4</td><td>15.5</td><td>0:15.5-150500.43.4</td><td>70af9e8139db7c82</td><td>sles-release-0:15.5-150500.43.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span>Â 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span>Â 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_xenial:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_xenial:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=xenial$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_bionic:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_bionic:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=bionic$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Family</th></tr></thead><tbody><tr><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span>Â 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_unix_family:obj:1</abbr></strong> of type
                <strong>family_object</strong></h5><table class="table table-striped table-bordered"><thead><tr></tr></thead><tbody><tr></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">/etc/lsb-release exists</span>Â 
        <span class="label label-default">oval:ssg-test_lsb:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="check /etc/lsb-release file">oval:ssg-obj_lsb:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th></tr></thead><tbody><tr><td>/etc/lsb-release</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu">oval:ssg-obj_ubuntu:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_ID=Ubuntu$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check Ubuntu version</span>Â 
        <span class="label label-default">oval:ssg-test_ubuntu_focal:tst:1</span>Â 
        <span class="label label-danger">not evaluated</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check Ubuntu version">oval:ssg-obj_ubuntu_focal:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/lsb-release</td><td>^DISTRIB_CODENAME=focal$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span>Â 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span>Â 
        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>150300.3.22.1</td><td>8.4p1</td><td>0:8.4p1-150300.3.22.1</td><td>70af9e8139db7c82</td><td>openssh-server-0:8.4p1-150300.3.22.1.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of MACs setting in the /etc/ssh/sshd_config file</span>Â 
        <span class="label label-default">oval:ssg-test_sshd_use_approved_macs_ordered_stig:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Content</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>MACs hmac-sha2-512,hmac-sha2-256
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_file_permissions_sshd_config" id="rule-detail-id34452"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Permissions on SSH Server config filexccdf_org.ssgproject.content_rule_file_permissions_sshd_config mediumCCE-91306-1 </div><div class="panel-heading"><h3 class="panel-title">Verify Permissions on SSH Server config file</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_file_permissions_sshd_config</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-file_permissions_sshd_config:def:1</td></tr><tr><td>Time</td><td>2023-10-10T09:45:07+00:00</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â 
            <abbr title="https://ncp.nist.gov/cce: CCE-91306-1">CCE-91306-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â 
            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">2.2.6</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">5.2.1</a></p></td></tr><tr><td>Description</td><td><div class="description">
To properly set the permissions of <code>/etc/ssh/sshd_config</code>, run the command:
<pre>$ sudo chmod 0600 /etc/ssh/sshd_config</pre></div></td></tr><tr><td>Rationale</td><td><div class="rationale">Service configuration files enable or disable features of their respective
services that if configured incorrectly can lead to insecure and vulnerable
configurations. Therefore, service configuration files should be owned by the
correct group to prevent unauthorized changes.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Testing mode of /etc/ssh/sshd_config</span>Â 
        <span class="label label-default">oval:ssg-test_file_permissions_sshd_config_0:tst:1</span>Â 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="/etc/ssh/sshd_config">oval:ssg-object_file_permissions_sshd_config_0:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Filter</th><th>Filter</th></tr></thead><tbody><tr><td>/etc/ssh/sshd_config</td><td>oval:ssg-exclude_symlinks__sshd_config:ste:1</td><td>oval:ssg-state_file_permissions_sshd_config_0_mode_0600or_stricter_:ste:1</td></tr></tbody></table></div></div></div></div></div><a href="#result-details" class="btn btn-info noprint">Scroll back to the first rule</a></div><div id="rear-matter"><div class="row top-spacer-10"><div class="col-md-12 well well-lg"><div class="rear-matter">Red Hat and Red Hat Enterprise Linux are either registered
trademarks or trademarks of Red Hat, Inc. in the United States and other
countries. All other names are registered trademarks or trademarks of their
respective companies.</div></div></div></div></div></div><footer id="footer"><div class="container"><p class="muted credit">
                Generated using <a href="http://open-scap.org">OpenSCAP</a> 1.3.6</p></div></footer></body></html>

Actions: View

Attachments on bug 1216088: 870036