MEDIUM M16: Unsuccessful File Modification Audit P3

Verified Compare Branch

Overview

Audits failed file modification attempts, catching permission-denied errors for chmod, chown, open, truncate, rename, unlink, and extended attribute operations. Critical for detecting unauthorized access attempts.

Profile: NIST 800-53 Moderate (rhcos4-moderate)

Compliance Checks

Check	Description
`chmod`	Audit failed chmod operations
`chown`	Audit failed chown operations
`creat`	Audit failed creat operations
`fchmod`	Audit failed fchmod operations
`fchmodat`	Audit failed fchmodat operations
`fchown`	Audit failed fchown operations
`fchownat`	Audit failed fchownat operations
`fremovexattr`	Audit failed fremovexattr operations
`fsetxattr`	Audit failed fsetxattr operations
`ftruncate`	Audit failed ftruncate operations
`lchown`	Audit failed lchown operations
`lremovexattr`	Audit failed lremovexattr operations
`lsetxattr`	Audit failed lsetxattr operations
`open`	Audit failed open operations
`open-by-handle-at`	Audit failed open-by-handle-at operations
`open-by-handle-at-o-creat`	Audit failed open-by-handle-at-o-creat operations
`open-by-handle-at-o-trunc-write`	Audit failed open-by-handle-at-o-trunc-write operations
`open-o-creat`	Audit failed open-o-creat operations
`open-o-trunc-write`	Audit failed open-o-trunc-write operations
`openat`	Audit failed openat operations
`openat-o-creat`	Audit failed openat-o-creat operations
`openat-o-trunc-write`	Audit failed openat-o-trunc-write operations
`removexattr`	Audit failed removexattr operations
`rename`	Audit failed rename operations
`renameat`	Audit failed renameat operations
`setxattr`	Audit failed setxattr operations
`truncate`	Audit failed truncate operations
`unlink`	Audit failed unlink operations
`unlinkat`	Audit failed unlinkat operations

Verification

oc debug node/<node> -- chroot /host auditctl -l | grep -c EACCES

← M15 All Groups M17 →

MEDIUM M16: Unsuccessful File Modification Audit P3

Overview

Compliance Checks

Verification

Keyboard Shortcuts