MEDIUM M18: Session & MAC Audit P3

Verified Compare Branch

Overview

Audits session lifecycle events, Mandatory Access Control (MAC) policy modifications, media export operations, and makes audit rules immutable after loading to prevent tampering.

Profile: NIST 800-53 Moderate (rhcos4-moderate)

Compliance Checks

Check Description
session-events Audit user session open/close events
mac-modification Audit SELinux/MAC policy changes
media-export Audit removable media mount operations
immutable Make audit rules immutable (requires reboot to change)

Verification

oc debug node/<node> -- chroot /host auditctl -l | grep -E 'session|MAC|mount|immutable'
← M17 All Groups M19 →
Legend
Status
🔵 In Progress
🟡 Pending
⚪ On Hold
🟢 Complete
Severity
HIGH
MEDIUM
LOW
MANUAL

Keyboard Shortcuts

Navigation
j / Next row
k / Previous row
Enter Open selected / Expand details
Esc Clear selection / Close modal
Actions
/ Focus search
d Toggle dark mode
? Show this help
g h Go to home
Filters
1 Show all
2 Pending only
3 In Progress only
4 Complete only