AIX must produce audit records containing the full-text recording of privileged commands.

An XCCDF Rule

Details
Profiles

Description

Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.

ID: SV-215240r958422_rule
Version: AIX7-00-002006
Severity: Medium
References: CCI-000135
Updated: 24 days ago

Remediation Templates

Reset the audit system with the following command:
# /usr/sbin/audit shutdown

Start the audit system with the following command:
# /usr/sbin/audit start

AIX must produce audit records containing the full-text recording of privileged commands.

Description

Remediation Templates

A Manual Procedure