Ensure the audit Subsystem is Installed
An XCCDF Rule
Description
The audit package should be installed.
Rationale
The auditd service is an access monitoring and accounting daemon. It watches system calls to audit any access, in comparison with a potential local access control policy such as an SELinux policy.
- ID: xccdf_org.ssgproject.content_rule_package_audit_installed
- Severity: Medium
- References:
SRG-OS-000037-GPOS-00015
SRG-OS-000038-GPOS-00016
SRG-OS-000039-GPOS-00017
SRG-OS-000040-GPOS-00018
SRG-OS-000041-GPOS-00019
SRG-OS-000042-GPOS-00021
SRG-OS-000051-GPOS-00024
SRG-OS-000054-GPOS-00025
SRG-OS-000062-GPOS-00031
SRG-OS-000122-GPOS-00063
SRG-OS-000254-GPOS-00095
SRG-OS-000255-GPOS-00096
SRG-OS-000337-GPOS-00129
SRG-OS-000348-GPOS-00136
SRG-OS-000349-GPOS-00137
SRG-OS-000350-GPOS-00138
SRG-OS-000351-GPOS-00139
SRG-OS-000352-GPOS-00140
SRG-OS-000353-GPOS-00141
SRG-OS-000354-GPOS-00142
SRG-OS-000358-GPOS-00145
SRG-OS-000365-GPOS-00152
SRG-OS-000392-GPOS-00172
SRG-OS-000475-GPOS-00220
- Updated
Remediation - Puppet
include install_auditd

# Declares the auditd package so Puppet installs it when absent
class install_auditd {
  package { 'auditd':
    ensure => 'installed',
  }
}
Remediation - OS Build Blueprint
[[packages]]
name = "auditd"
version = "*"
Remediation - Ansible
# The task is skipped when the host is a container
- name: Ensure auditd is installed
  package:
    name: auditd
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    DEBIAN_FRONTEND=noninteractive apt-get install -y "auditd"
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi
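A compliance check for this rule on a dpkg-based host, added here as an example and not part of the rule's own content. It reads the dpkg Status field so that a removed package with leftover configuration ("deinstall ok config-files") is not counted as installed. The function names and the `CHECK_ROOT` override (used only to test the container detection) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the end state the remediations above aim for.

# Interpret a dpkg Status field ("<want> <error flag> <state>").
# Only a fully installed state counts; "deinstall ok config-files",
# "install ok half-configured", "install ok unpacked" etc. do not.
status_is_installed() {
    case "$1" in
        "install ok installed"|"hold ok installed") return 0 ;;
        *) return 1 ;;
    esac
}

# Same applicability test as the shell remediation: marker files that
# container runtimes create. CHECK_ROOT is a hypothetical prefix so the
# test can point at a scratch directory; it is empty in normal use.
is_container() {
    [ -f "${CHECK_ROOT:-}/.dockerenv" ] || [ -f "${CHECK_ROOT:-}/run/.containerenv" ]
}

# Prints a verdict and returns 0 (pass), 1 (fail) or 2 (not applicable).
check_audit_package() {
    pkg="${1:-auditd}"
    if is_container; then
        echo "notapplicable: container environment"
        return 2
    fi
    # dpkg-query exits non-zero when dpkg has no record of the package.
    status=$(dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null) || status="not-installed"
    if status_is_installed "$status"; then
        echo "pass: $pkg ($status)"
        return 0
    fi
    echo "fail: $pkg ($status)"
    return 1
}
```

Source the file and call `check_audit_package`; the return code separates a non-compliant host (1) from one where the rule does not apply (2), so a scheduler can alert only on the former.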