The Photon operating system must configure auditd to use the correct log format.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>To compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know exact, unfiltered details of the event in question.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256488r887138_rule
Severity: Medium
References: CCI-000131
Updated: 9 months ago

Navigate to and open:

/etc/audit/auditd.conf

Ensure the "log_format" line is uncommented and set to the following:
log_format = RAW

At the command line, run the following command:

# killproc auditd -TERM
# systemctl start auditd

The Photon operating system must configure auditd to use the correct log format.

Description

Remediation - Manual Procedure