The Photon operating system must have the auditd service running.

DISA Rule

SV-239090r675078_rule

V-239090

SRG-OS-000062-GPOS-00031

PHTN-67-000018

CAT II

CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.
CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.
CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.
CCI-001744 - The information system implements organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner.
CCI-001814 - The Information system supports auditing of the enforcement actions.
CCI-002696 - The information system verifies correct operation of organization-defined security functions.
CCI-002699 - The information system performs verification of the correct operation of organization-defined security functions: when the system is in an organization-defined transitional state; upon command by a user with appropriate privileges; and/or on an organization-defined frequency.

At the command line, execute the following command:

# systemctl enable auditd.service
# service auditd start

At the command line, execute the following command:

# service auditd status | grep running

If the service is not running, this is a finding.

V-239090

False

PHTN-67-000018

At the command line, execute the following command:

# service auditd status | grep running

If the service is not running, this is a finding.

5323