Skip to content

Ensure the audit Subsystem is Installed

An XCCDF Rule

Description

The audit package should be installed.

Rationale

The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.

ID
xccdf_org.ssgproject.content_rule_package_audit_installed
Severity
Medium
Updated



Remediation - Puppet

include install_auditd

class install_auditd {
  package { 'auditd':
    ensure => 'installed',
  }

Remediation - OS Build Blueprint


[[packages]]
name = "auditd"
version = "*"

Remediation - Ansible

- name: Ensure auditd is installed
  package:
    name: auditd
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

DEBIAN_FRONTEND=noninteractive apt-get install -y "auditd"

else