SV-99043r1_rule
V-88393
SRG-OS-000062-GPOS-00031
VROM-SL-000175
CAT II
10
Add the following lines to the "audit.rules" file to enable auditing of administrative, privileged, and security actions:
echo '-w /etc/audit/auditd.conf' >> /etc/audit/audit.rules
Or run the following command to implement all logging requirements:
# /etc/dodscript.sh
Check the auditing configuration of the system:
# cat /etc/audit/audit.rules | grep -i "auditd.conf"
If no results are returned, or the line does not start with "-w", this is a finding.
Expected Result:
-w /etc/audit/auditd.conf
V-88393
False
VROM-SL-000175
Check the auditing configuration of the system:
# cat /etc/audit/audit.rules | grep -i "auditd.conf"
If no results are returned, or the line does not start with "-w", this is a finding.
Expected Result:
-w /etc/audit/auditd.conf
M
3461