diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh
index c0fe0755138..373841ddb17 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh
@@ -33,6 +33,11 @@ done
 {{{ bash_fix_audit_watch_rule("augenrules", "/etc/network/", "wa", "audit_rules_networkconfig_modification") }}}
 {{{ bash_fix_audit_watch_rule("auditctl", "/etc/netplan/", "wa", "audit_rules_networkconfig_modification") }}}
 {{{ bash_fix_audit_watch_rule("augenrules", "/etc/netplan/", "wa", "audit_rules_networkconfig_modification") }}}
+{{% elif 'debian' in product -%}}
+{{{ bash_fix_audit_watch_rule("auditctl", "/etc/networks", "wa", "audit_rules_networkconfig_modification") }}}
+{{{ bash_fix_audit_watch_rule("augenrules", "/etc/networks", "wa", "audit_rules_networkconfig_modification") }}}
+{{{ bash_fix_audit_watch_rule("auditctl", "/etc/network/", "wa", "audit_rules_networkconfig_modification") }}}
+{{{ bash_fix_audit_watch_rule("augenrules", "/etc/network/", "wa", "audit_rules_networkconfig_modification") }}}
 {{% else -%}}
 {{{ bash_fix_audit_watch_rule("auditctl", "/etc/sysconfig/network", "wa", "audit_rules_networkconfig_modification") }}}
 {{{ bash_fix_audit_watch_rule("augenrules", "/etc/sysconfig/network", "wa", "audit_rules_networkconfig_modification") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/oval/debian.xml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/oval/debian.xml
new file mode 120000
index 00000000000..70f08ba8db1
--- /dev/null
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/oval/debian.xml
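Review bot: The new `elif 'debian' in product` branch in shared.sh installs watches only for `/etc/networks` and `/etc/network/`, while the Debian OVAL check added in the same commit is a symlink to `ubuntu.xml` and the branch just above also installs `/etc/netplan/` watches. If `ubuntu.xml` (not shown here) expects the netplan watch for every product that uses it, a remediated Debian host would still fail the scan, so the check and the fix should be confirmed to expect the same path list. Separately, hosts whose interfaces are managed by systemd-networkd or NetworkManager keep their configuration outside `/etc/network/`, so this rule would record no changes there; that limit may deserve a sentence in the rule description. A comment above the branch, such as `# Debian: ifupdown paths only; keep in step with oval/ubuntu.xml`, would make the intended coverage explicit. The enclosing `if`/`endif` lies outside the hunk.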
@@ -0,0 +1 @@
+ubuntu.xml
\ No newline at end of file
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
index 69b1eae5a84..4626ec550ce 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
@@ -16,7 +16,7 @@ description: |-
 {{% if product in ['ubuntu2404'] %}}
 -w /etc/netplan/ -p wa -k audit_rules_networkconfig_modification
 {{% endif %}}
- {{% if 'ubuntu' in product -%}}
+ {{% if 'ubuntu' in product or 'debian' in product -%}}
 -w /etc/networks -p wa -k audit_rules_networkconfig_modification
 -w /etc/network/ -p wa -k audit_rules_networkconfig_modification
 {{% else -%}}
@@ -31,7 +31,7 @@ description: |-
 -w /etc/issue -p wa -k audit_rules_networkconfig_modification
 -w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
 -w /etc/hosts -p wa -k audit_rules_networkconfig_modification
- {{% if 'ubuntu' in product -%}}
+ {{% if 'ubuntu' in product or 'debian' in product -%}}
 -w /etc/networks -p wa -k audit_rules_networkconfig_modification
 -w /etc/network/ -p wa -k audit_rules_networkconfig_modification
 {{% else -%}}
@@ -76,7 +76,7 @@ ocil: |-
 run the following command:
 {{% if product in ['ubuntu2404'] -%}}
auditctl -l | grep -E '(/etc/issue|/etc/issue.net|/etc/hosts|/etc/networks|/etc/network/|/etc/netplan/)'
- {{% elif 'ubuntu' in product -%}}
+ {{% elif 'ubuntu' in product or 'debian' in product -%}}
auditctl -l | grep -E '(/etc/issue|/etc/issue.net|/etc/hosts|/etc/networks|/etc/network/)'{{% else -%}}
auditctl -l | grep -E '(/etc/issue|/etc/issue.net|/etc/hosts|/etc/sysconfig/network)'
diff --git a/products/debian12/product.yml b/products/debian12/product.yml
index 3a6589be46b..f98d5a52706 100644
--- a/products/debian12/product.yml
+++ b/products/debian12/product.yml
@@ -39,6 +39,7 @@ platform_package_overrides:
 pam: libpam-runtime
 shadow: login
 sssd: sssd-common
+ audit: auditd
 reference_uris:
 cis: 'https://www.cisecurity.org/benchmark/debian_linux/'
diff --git a/products/debian13/product.yml b/products/debian13/product.yml
index 91ae2cbee93..379b4d89eb0 100644
--- a/products/debian13/product.yml
+++ b/products/debian13/product.yml
@@ -39,3 +39,5 @@ platform_package_overrides:
 pam: libpam-runtime
 shadow: login
 sssd: sssd-common
+ audit: auditd
+
diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml
index 8fe0afe738a..580306bac01 100644
--- a/tests/data/product_stability/debian12.yml
+++ b/tests/data/product_stability/debian12.yml
@@ -4,13 +4,13 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
- - /sbin/auditctl
- - /sbin/aureport
- - /sbin/ausearch
- - /sbin/autrace
- - /sbin/auditd
- - /sbin/audispd
- - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -48,6 +48,7 @@ pkg_manager: apt_get
 pkg_system: dpkg
 platform_package_overrides:
 aarch64_arch: null
+ audit: auditd
 gdm: gdm3
 grub2: grub2-common
 login_defs: login
diff --git a/tests/data/product_stability/debian13.yml b/tests/data/product_stability/debian13.yml
index 75a041831bf..39e3a96a052 100644
--- a/tests/data/product_stability/debian13.yml
+++ b/tests/data/product_stability/debian13.yml
@@ -4,13 +4,13 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
- - /sbin/auditctl
- - /sbin/aureport
- - /sbin/ausearch
- - /sbin/autrace
- - /sbin/auditd
- - /sbin/audispd
- - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -49,6 +49,7 @@ pkg_manager: apt_get
 pkg_system: dpkg
 platform_package_overrides:
 aarch64_arch: null
+ audit: auditd
 gdm: gdm3
 grub2: grub2-common
 login_defs: login