{"description": "The <tt>auditd</tt> program can perform comprehensive\nmonitoring of system activity. This section makes use of recommended\nconfiguration settings for specific policies or use cases.\nThe rules in this section make use of rules defined in <tt>/usr/share/doc/audit-VERSION/rules</tt>.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["audit_access_failed", "audit_access_failed_aarch64", "audit_access_failed_ppc64le", "audit_access_success", "audit_access_success_aarch64", "audit_access_success_ppc64le", "audit_basic_configuration", "audit_create_failed", "audit_create_failed_aarch64", "audit_create_failed_ppc64le", "audit_create_success", "audit_create_success_aarch64", "audit_create_success_ppc64le", "audit_delete_failed", "audit_delete_failed_aarch64", "audit_delete_failed_ppc64le", "audit_delete_success", "audit_delete_success_aarch64", "audit_delete_success_ppc64le", "audit_immutable_login_uids", "audit_modify_failed", "audit_modify_failed_aarch64", "audit_modify_failed_ppc64le", "audit_modify_success", "audit_modify_success_aarch64", "audit_modify_success_ppc64le", "audit_module_load", "audit_module_load_ppc64le", "audit_ospp_general", "audit_ospp_general_aarch64", "audit_ospp_general_ppc64le", "audit_owner_change_failed", "audit_owner_change_failed_aarch64", "audit_owner_change_failed_ppc64le", "audit_owner_change_success", "audit_owner_change_success_aarch64", "audit_owner_change_success_ppc64le", "audit_perm_change_failed", "audit_perm_change_failed_aarch64", "audit_perm_change_failed_ppc64le", "audit_perm_change_success", "audit_perm_change_success_aarch64", "audit_perm_change_success_ppc64le", "audit_rules_for_ospp"], "platform": "", "platforms": [], "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "title": "System Accounting with auditd", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/auditing/policy_rules/group.yml"}