MEDIUM M15: File Deletion Audit P3

Verified Compare Branch

Overview

Audits file deletion operations to track when files are removed from the system. Covers rename, renameat, rmdir, unlink, and unlinkat syscalls.

Profile: NIST 800-53 Moderate (rhcos4-moderate)

Compliance Checks

Check Description
file-deletion-events-rename Audit file rename operations
file-deletion-events-renameat Audit file renameat operations
file-deletion-events-rmdir Audit directory removal
file-deletion-events-unlink Audit file unlink (delete)
file-deletion-events-unlinkat Audit file unlinkat operations

Verification

oc debug node/<node> -- chroot /host auditctl -l | grep -E 'rename|rmdir|unlink'
← M14 All Groups M16 →
Legend
Status
🔵 In Progress
🟡 Pending
⚪ On Hold
🟢 Complete
Severity
HIGH
MEDIUM
LOW
MANUAL

Keyboard Shortcuts

Navigation
j / Next row
k / Previous row
Enter Open selected / Expand details
Esc Clear selection / Close modal
Actions
/ Focus search
d Toggle dark mode
? Show this help
g h Go to home
Filters
1 Show all
2 Pending only
3 In Progress only
4 Complete only