The Photon operating system must ensure audit events are flushed to disk at proper intervals.

An XCCDF Rule

Description

<VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that end, the auditd service must be configured to start automatically and be running at all times.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258855r933626_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Navigate to and open:

/etc/audit/auditd.conf

Add or update the following lines:
flush = INCREMENTAL_ASYNC
freq = 50

At the command line, run the following command:

# pkill -SIGHUP auditd

The Photon operating system must ensure audit events are flushed to disk at proper intervals.

Description

Remediation - Manual Procedure