MEDIUM M19: Usergroup Modification Audit P3

Overview

Monitors individual identity files for modifications. Extends M7’s general usergroup monitoring with per-file watch rules for /etc/group, /etc/gshadow, /etc/opasswd, /etc/passwd, and /etc/shadow.

Profile: NIST 800-53 Moderate (rhcos4-moderate)

Compliance Checks

Check                              Description
usergroup-modification-group       Watch /etc/group for changes
usergroup-modification-gshadow     Watch /etc/gshadow for changes
usergroup-modification-opasswd     Watch /etc/opasswd for changes
usergroup-modification-passwd      Watch /etc/passwd for changes
usergroup-modification-shadow      Watch /etc/shadow for changes

Verification

oc debug node/<node> -- chroot /host auditctl -l | grep -E 'group|gshadow|opasswd|passwd|shadow'
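
The grep above matches substrings, so a rule for /etc/opasswd also satisfies `passwd` and one for /etc/gshadow satisfies `shadow`. The following stricter per-file check is an added example, not part of the original page; it accepts both the `-w` watch form and the equivalent `-F path=` / `-F perm=` rule form. The function names, the sample rules, and the requirement for both `w` and `a` permissions are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Paths are the five listed in the overview; requiring both w and a
# permissions is an assumption about how the watch rules are written.
WATCHED="/etc/group /etc/gshadow /etc/opasswd /etc/passwd /etc/shadow"

# Reads `auditctl -l` output on stdin and prints every path in $WATCHED that
# has no rule granting both write (w) and attribute-change (a) auditing.
missing_watches() {
    rules=$(cat)
    for path in $WATCHED; do
        printf '%s\n' "$rules" | awk -v p="$path" '
            {
                rp = ""; perm = ""
                for (i = 1; i <= NF; i++) {
                    if ($i == "-w" && i < NF)         rp = $(i + 1)
                    else if ($i == "-p" && i < NF)    perm = $(i + 1)
                    else if (index($i, "path=") == 1) rp = substr($i, 6)
                    else if (index($i, "perm=") == 1) perm = substr($i, 6)
                }
                # Exact path match, so /etc/opasswd never satisfies /etc/passwd.
                if (rp == p && perm ~ /w/ && perm ~ /a/) found = 1
            }
            END { exit !found }' || printf '%s\n' "$path"
    done
}

# Constructed sample (not captured from a node): /etc/shadow has no rule and
# /etc/passwd is watched for reads only, yet the loose grep matches both names.
sample_rules() {
    cat <<'EOF'
-w /etc/group -p wa -k usergroup_modification
-w /etc/gshadow -p wa -k usergroup_modification
-a always,exit -F arch=b64 -F path=/etc/opasswd -F perm=wa -F key=usergroup_modification
-w /etc/passwd -p r -k passwd_reads
EOF
}

# On a cluster: oc debug node/<node> -- chroot /host auditctl -l | missing_watches
sample_rules | missing_watches
```

Empty output means every listed file has a write-and-attribute watch; any printed path is a gap to remediate.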