The audit system must be configured to audit file deletions.
DISA Rule
SV-227727r603266_rule
Vulnerability Number
V-227727
Group Title
SRG-OS-000062
Rule Version
GEN002740
Severity
CAT II
CCI(s)
- CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
Weight
10
Fix Recommendation
Edit /etc/security/audit_control and add the fd to the flags list.
Load the new audit configuration.
# auditconfig -conf
Check Contents
# grep flags /etc/security/audit_control
Confirm flags fd or +fd and -fd are configured.
Vulnerability Number
V-227727
Documentable
False
Rule Version
GEN002740
Severity Override Guidance
# grep flags /etc/security/audit_control
Confirm flags fd or +fd and -fd are configured.
Check Content Reference
M
Target Key
4061
Comments