[Ubuntu 24.04] Add stigid@ubuntu2404 references: Auditing Rules

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml

@@ -59,6 +59,7 @@ references:
     stigid@ol8: OL08-00-030490
     stigid@sle12: SLES-12-020460
     stigid@sle15: SLES-15-030290
+    stigid@ubuntu2404: UBTU-24-900150
 
 ocil_clause: 'the system is not configured to audit permission changes'
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml

@@ -59,6 +59,7 @@ references:
     stigid@ol8: OL08-00-030480
     stigid@sle12: SLES-12-020420
     stigid@sle15: SLES-15-030250
+    stigid@ubuntu2404: UBTU-24-900140
 
 {{{ complete_ocil_entry_audit_syscall(syscall="chown") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml

@@ -57,6 +57,7 @@ references:
     stigid@ol8: OL08-00-030490
     stigid@sle12: SLES-12-020460
     stigid@sle15: SLES-15-030290
+    stigid@ubuntu2404: UBTU-24-900150
 
 {{{ complete_ocil_entry_audit_syscall(syscall="fchmod") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml

@@ -56,6 +56,7 @@ references:
     stigid@ol8: OL08-00-030490
     stigid@sle12: SLES-12-020460
     stigid@sle15: SLES-15-030290
+    stigid@ubuntu2404: UBTU-24-900150
 
 {{{ complete_ocil_entry_audit_syscall(syscall="fchmodat") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml

@@ -59,6 +59,7 @@ references:
     stigid@ol8: OL08-00-030480
     stigid@sle12: SLES-12-020420
     stigid@sle15: SLES-15-030250
+    stigid@ubuntu2404: UBTU-24-900140
 
 {{{ complete_ocil_entry_audit_syscall(syscall="fchown") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml

@@ -56,6 +56,7 @@ references:
     stigid@ol8: OL08-00-030480
     stigid@sle12: SLES-12-020420
     stigid@sle15: SLES-15-030250
+    stigid@ubuntu2404: UBTU-24-900140
 
 {{{ complete_ocil_entry_audit_syscall(syscall="fchownat") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml

@@ -74,6 +74,7 @@ references:
     stigid@ol8: OL08-00-030200
     stigid@sle12: SLES-12-020370
     stigid@sle15: SLES-15-030190
+    stigid@ubuntu2404: UBTU-24-900130
 
 {{{ complete_ocil_entry_audit_syscall(syscall="fremovexattr") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml

@@ -68,6 +68,7 @@ references:
     stigid@ol8: OL08-00-030200
     stigid@sle12: SLES-12-020370
     stigid@sle15: SLES-15-030190
+    stigid@ubuntu2404: UBTU-24-900130
 
 {{{ complete_ocil_entry_audit_syscall(syscall="fsetxattr") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml

@@ -60,6 +60,7 @@ references:
     stigid@ol8: OL08-00-030480
     stigid@sle12: SLES-12-020420
     stigid@sle15: SLES-15-030250
+    stigid@ubuntu2404: UBTU-24-900140
 
 {{{ complete_ocil_entry_audit_syscall(syscall="lchown") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml

@@ -73,6 +73,7 @@ references:
     stigid@ol8: OL08-00-030200
     stigid@sle12: SLES-12-020370
     stigid@sle15: SLES-15-030190
+    stigid@ubuntu2404: UBTU-24-900130
 
 {{{ complete_ocil_entry_audit_syscall(syscall="lremovexattr") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml

@@ -68,6 +68,7 @@ references:
     stigid@ol8: OL08-00-030200
     stigid@sle12: SLES-12-020370
     stigid@sle15: SLES-15-030190
+    stigid@ubuntu2404: UBTU-24-900130
 
 {{{ complete_ocil_entry_audit_syscall(syscall="lsetxattr") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml

@@ -72,6 +72,7 @@ references:
     stigid@ol8: OL08-00-030200
     stigid@sle12: SLES-12-020370
     stigid@sle15: SLES-15-030190
+    stigid@ubuntu2404: UBTU-24-900130
 
 {{{ complete_ocil_entry_audit_syscall(syscall="removexattr") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml

@@ -68,6 +68,7 @@ references:
     stigid@ol8: OL08-00-030200
     stigid@sle12: SLES-12-020370
     stigid@sle15: SLES-15-030190
+    stigid@ubuntu2404: UBTU-24-900130
 
 {{{ complete_ocil_entry_audit_syscall(syscall="setxattr") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml

@@ -31,6 +31,7 @@ references:
     stigid@ol8: OL08-00-030570
     stigid@sle12: SLES-12-020620
     stigid@sle15: SLES-15-030440
+    stigid@ubuntu2404: UBTU-24-900240
 
 {{{ ocil_fix_srg_privileged_command("chacl", "/usr/bin/", "perm_mod") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml

@@ -30,6 +30,7 @@ references:
     stigid@ol8: OL08-00-030330
     stigid@sle12: SLES-12-020610
     stigid@sle15: SLES-15-030430
+    stigid@ubuntu2404: UBTU-24-900230
 
 {{{ ocil_fix_srg_privileged_command("setfacl", "/usr/bin/", "perm_mod") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml

@@ -47,6 +47,7 @@ references:
     stigid@ol8: OL08-00-030260
     stigid@sle12: SLES-12-020630
     stigid@sle15: SLES-15-030450
+    stigid@ubuntu2404: UBTU-24-900210
 
 {{{ ocil_fix_srg_privileged_command("chcon", "/usr/bin/", "perm_mod") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml

@@ -52,6 +52,7 @@ references:
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
     stigid@ol7: OL07-00-030910
     stigid@ol8: OL08-00-030361
+    stigid@ubuntu2404: UBTU-24-900540
 
 {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml

@@ -49,6 +49,7 @@ references:
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
     stigid@ol7: OL07-00-030910
     stigid@ol8: OL08-00-030361
+    stigid@ubuntu2404: UBTU-24-900540
 
 {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml

@@ -49,6 +49,7 @@ references:
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
     stigid@ol7: OL07-00-030910
     stigid@ol8: OL08-00-030361
+    stigid@ubuntu2404: UBTU-24-900540
 
 {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml

@@ -52,6 +52,7 @@ references:
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
     stigid@ol7: OL07-00-030910
     stigid@ol8: OL08-00-030361
+    stigid@ubuntu2404: UBTU-24-900540
 
 {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml

@@ -49,6 +49,7 @@ references:
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
     stigid@ol7: OL07-00-030910
     stigid@ol8: OL08-00-030361
+    stigid@ubuntu2404: UBTU-24-900540
 
 {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml

@@ -63,6 +63,7 @@ references:
     stigid@ol8: OL08-00-030420
     stigid@sle12: SLES-12-020490
     stigid@sle15: SLES-15-030150
+    stigid@ubuntu2404: UBTU-24-900160
 
 ocil: |-
     {{{ ocil_audit_rules_unsuccessful_file_modification("creat", "access") | indent(4) }}}

linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml

@@ -63,6 +63,7 @@ references:
     stigid@ol8: OL08-00-030420
     stigid@sle12: SLES-12-020490
     stigid@sle15: SLES-15-030150
+    stigid@ubuntu2404: UBTU-24-900160
 
 ocil: |-
     {{{ ocil_audit_rules_unsuccessful_file_modification("ftruncate", "access") | indent(4) }}}

linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml

@@ -67,6 +67,7 @@ references:
     stigid@ol8: OL08-00-030420
     stigid@sle12: SLES-12-020490
     stigid@sle15: SLES-15-030150
+    stigid@ubuntu2404: UBTU-24-900160
 
 ocil: |-
     {{{ ocil_audit_rules_unsuccessful_file_modification("open", "access") | indent(4) }}}

linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml

@@ -57,6 +57,7 @@ references:
     stigid@ol8: OL08-00-030420
     stigid@sle12: SLES-12-020490
     stigid@sle15: SLES-15-030150
+    stigid@ubuntu2404: UBTU-24-900160
 
 ocil: |-
     {{{ ocil_audit_rules_unsuccessful_file_modification("open_by_handle_at", "access") | indent(4) }}}

linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml

@@ -63,6 +63,7 @@ references:
     stigid@ol8: OL08-00-030420
     stigid@sle12: SLES-12-020490
     stigid@sle15: SLES-15-030150
+    stigid@ubuntu2404: UBTU-24-900160
 
 ocil: |-
     {{{ ocil_audit_rules_unsuccessful_file_modification("openat", "access") | indent(4) }}}

linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml

@@ -62,6 +62,7 @@ references:
     stigid@ol8: OL08-00-030420
     stigid@sle12: SLES-12-020490
     stigid@sle15: SLES-15-030150
+    stigid@ubuntu2404: UBTU-24-900160
 
 ocil: |-
     {{{ ocil_audit_rules_unsuccessful_file_modification("truncate", "access") | indent(4) }}}

linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml

@@ -43,6 +43,7 @@ references:
     stigid@ol8: OL08-00-030390
     stigid@sle12: SLES-12-020730
     stigid@sle15: SLES-15-030520
+    stigid@ubuntu2404: UBTU-24-900350
 
 {{{ complete_ocil_entry_audit_syscall(syscall="delete_module") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml

@@ -41,6 +41,7 @@ references:
     stigid@ol8: OL08-00-030360
     stigid@sle12: SLES-12-020740
     stigid@sle15: SLES-15-030530
+    stigid@ubuntu2404: UBTU-24-900340
 
 {{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml

@@ -42,6 +42,7 @@ references:
     stigid@ol8: OL08-00-030360
     stigid@sle12: SLES-12-020740
     stigid@sle15: SLES-15-030530
+    stigid@ubuntu2404: UBTU-24-900340
 
 {{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml

@@ -25,6 +25,7 @@ references:
     nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a)
     srg: SRG-OS-000037-GPOS-00015
     stigid@sle12: SLES-12-020760
+    stigid@ubuntu2404: UBTU-24-900250
 
 ocil_clause: 'there is no output'
 

linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml

@@ -43,6 +43,7 @@ references:
     stigid@ol8: OL08-00-030600
     stigid@sle12: SLES-12-020660
     stigid@sle15: SLES-15-030480
+    stigid@ubuntu2404: UBTU-24-900260
 
 ocil_clause: 'the command does not return a line, or the line is commented out'
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_apparmor_parser/rule.yml

@@ -18,6 +18,7 @@ severity: medium
 
 references:
     srg: SRG-OS-000064-GPOS-00033
+    stigid@ubuntu2404: UBTU-24-900220
 
 ocil: |-
     To verify that execution of the command is being audited, run the following command:

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml

@@ -46,6 +46,7 @@ references:
     stigid@ol8: OL08-00-030250
     stigid@sle12: SLES-12-020690
     stigid@sle15: SLES-15-030120
+    stigid@ubuntu2404: UBTU-24-900300
 
 {{{ ocil_fix_srg_privileged_command("chage") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml

@@ -27,6 +27,7 @@ references:
     nist: AU-3,AU-12(a),AU-12(c),MA-4(1)(a)
     stigid@sle12: SLES-12-020280
     stigid@sle15: SLES-15-030340
+    stigid@ubuntu2404: UBTU-24-900080
 
 ocil_clause: '{{{ ocil_clause_audit() }}}'
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml

@@ -46,6 +46,7 @@ references:
     stigid@ol8: OL08-00-030410
     stigid@sle12: SLES-12-020580
     stigid@sle15: SLES-15-030100
+    stigid@ubuntu2404: UBTU-24-900190
 
 {{{ ocil_fix_srg_privileged_command("chsh") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml

@@ -44,6 +44,7 @@ references:
     stigid@ol8: OL08-00-030400
     stigid@sle12: SLES-12-020710
     stigid@sle15: SLES-15-030130
+    stigid@ubuntu2404: UBTU-24-900320
 
 {{{ ocil_fix_srg_privileged_command("crontab") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fdisk/rule.yml

@@ -19,6 +19,7 @@ severity: medium
 
 references:
     srg: SRG-OS-000477-GPOS-00222
+    stigid@ubuntu2404: UBTU-24-900750
 
 ocil_clause: '{{{ ocil_clause_audit() }}}'
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml

@@ -46,6 +46,7 @@ references:
     stigid@ol8: OL08-00-030370
     stigid@sle12: SLES-12-020560
     stigid@sle15: SLES-15-030080
+    stigid@ubuntu2404: UBTU-24-900290
 
 {{{ ocil_fix_srg_privileged_command("gpasswd") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml

@@ -33,6 +33,7 @@ references:
     stigid@ol8: OL08-00-030580
     stigid@sle12: SLES-12-020360
     stigid@sle15: SLES-15-030410
+    stigid@ubuntu2404: UBTU-24-900740
 
 {{{ ocil_fix_srg_privileged_command("kmod") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml

@@ -44,6 +44,7 @@ references:
     nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
     stigid@sle15: SLES-15-030400
+    stigid@ubuntu2404: UBTU-24-900730
 
 ocil_clause: '{{{ ocil_clause_audit() }}}'
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml

@@ -32,6 +32,7 @@ references:
     stigid@ol7: OL07-00-030740
     stigid@ol8: OL08-00-030300
     stigid@sle12: SLES-12-020290
+    stigid@ubuntu2404: UBTU-24-900090
 
 {{{ ocil_fix_srg_privileged_command("mount") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml

@@ -46,6 +46,7 @@ references:
     stigid@ol8: OL08-00-030350
     stigid@sle12: SLES-12-020570
     stigid@sle15: SLES-15-030090
+    stigid@ubuntu2404: UBTU-24-900200
 
 {{{ ocil_fix_srg_privileged_command("newgrp") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml

@@ -51,6 +51,7 @@ references:
     stigid@ol8: OL08-00-030340
     stigid@sle12: SLES-12-020720
     stigid@sle15: SLES-15-030510
+    stigid@ubuntu2404: UBTU-24-900330
 
 {{% if product not in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
 {{{ ocil_fix_srg_privileged_command("pam_timestamp_check", "/usr/sbin/") }}}

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml

@@ -46,6 +46,7 @@ references:
     stigid@ol8: OL08-00-030290
     stigid@sle12: SLES-12-020550
     stigid@sle15: SLES-15-030070
+    stigid@ubuntu2404: UBTU-24-900270
 
 {{{ ocil_fix_srg_privileged_command("passwd") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml

@@ -32,6 +32,7 @@ references:
     stigid@ol8: OL08-00-030280
     stigid@sle12: SLES-12-020310
     stigid@sle15: SLES-15-030370
+    stigid@ubuntu2404: UBTU-24-900110
 
 {{{ ocil_fix_srg_privileged_command("ssh-agent") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml

@@ -56,6 +56,7 @@ references:
     stigid@ol8: OL08-00-030320
     stigid@sle12: SLES-12-020320
     stigid@sle15: SLES-15-030060
+    stigid@ubuntu2404: UBTU-24-900120
 
 {{{ ocil_fix_srg_privileged_command("ssh-keysign", ssh_keysign_path) }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml

@@ -45,6 +45,7 @@ references:
     stigid@ol8: OL08-00-030190
     stigid@sle12: SLES-12-020250
     stigid@sle15: SLES-15-030550
+    stigid@ubuntu2404: UBTU-24-900070
 
 {{{ ocil_fix_srg_privileged_command("su") }}}
 

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml

@@ -45,6 +45,7 @@ references:
     stigid@ol8: OL08-00-030550
     stigid@sle12: SLES-12-020260
     stigid@sle15: SLES-15-030560
+    stigid@ubuntu2404: UBTU-24-900170
 
 {{{ ocil_fix_srg_privileged_command("sudo") }}}
 template:

linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml

@@ -42,6 +42,7 @@ references:
     nist@sle15: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235,SRG-OS-000755-GPOS-00220
     stigid@sle15: SLES-15-030330
+    stigid@ubuntu2404: UBTU-24-900180
 
 {{{ ocil_fix_srg_privileged_command("sudoedit") }}}