The Ubuntu operating system must initiate session audits at system start-up.
An XCCDF Rule
Description
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
- ID
- SV-238299r991555_rule
- Version
- UBTU-20-010198
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the Ubuntu operating system to produce audit records at system startup.
Edit the "/etc/default/grub" file and add "audit=1" to the "GRUB_CMDLINE_LINUX" option.
To update the grub config file, run:
$ sudo update-grub