{"description": "At a minimum, the audit system should collect the execution of\nprivileged commands for all users and root.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["audit_privileged_commands_init", "audit_privileged_commands_poweroff", "audit_privileged_commands_reboot", "audit_privileged_commands_shutdown", "audit_rules_privileged_commands", "audit_rules_privileged_commands_apparmor_parser", "audit_rules_privileged_commands_at", "audit_rules_privileged_commands_chage", "audit_rules_privileged_commands_chfn", "audit_rules_privileged_commands_chsh", "audit_rules_privileged_commands_crontab", "audit_rules_privileged_commands_dbus_daemon_launch_helper", "audit_rules_privileged_commands_fdisk", "audit_rules_privileged_commands_fusermount", "audit_rules_privileged_commands_fusermount3", "audit_rules_privileged_commands_gpasswd", "audit_rules_privileged_commands_grub2_set_bootflag", "audit_rules_privileged_commands_insmod", "audit_rules_privileged_commands_kmod", "audit_rules_privileged_commands_modprobe", "audit_rules_privileged_commands_mount", "audit_rules_privileged_commands_mount_nfs", "audit_rules_privileged_commands_newgidmap", "audit_rules_privileged_commands_newgrp", "audit_rules_privileged_commands_newuidmap", "audit_rules_privileged_commands_pam_timestamp_check", "audit_rules_privileged_commands_passmass", "audit_rules_privileged_commands_passwd", "audit_rules_privileged_commands_pkexec", "audit_rules_privileged_commands_polkit_helper", "audit_rules_privileged_commands_postdrop", "audit_rules_privileged_commands_postqueue", "audit_rules_privileged_commands_pt_chown", "audit_rules_privileged_commands_rmmod", "audit_rules_privileged_commands_ssh_agent", "audit_rules_privileged_commands_ssh_keysign", "audit_rules_privileged_commands_sssd_krb5_child", "audit_rules_privileged_commands_sssd_ldap_child", "audit_rules_privileged_commands_sssd_proxy_child", "audit_rules_privileged_commands_sssd_selinux_child", "audit_rules_privileged_commands_su", "audit_rules_privileged_commands_sudo", "audit_rules_privileged_commands_sudoedit", "audit_rules_privileged_commands_umount", "audit_rules_privileged_commands_unix2_chkpwd", "audit_rules_privileged_commands_unix_chkpwd", "audit_rules_privileged_commands_unix_update", "audit_rules_privileged_commands_userhelper", "audit_rules_privileged_commands_usermod", "audit_rules_privileged_commands_usernetctl", "audit_rules_privileged_commands_utempter", "audit_rules_privileged_commands_write"], "platform": "", "platforms": [], "inherited_platforms": ["package[audit]", "system_with_kernel"], "cpe_platform_names": [], "title": "Record Information on the Use of Privileged Commands", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/group.yml"}