AIX must start audit at boot.

An XCCDF Rule

Details
Profiles

Description

If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

ID: SV-215247r991555_rule
Version: AIX7-00-002023
Severity: Medium
References: CCI-001464
Updated: 24 days ago

Remediation Templates

To start auditing at system startup, add the following line to the /etc/rc file, just prior to the line reading dspmsg rc.cat 5 'Multi-user initialization completed':
/usr/sbin/audit start

Symmetrically  add the '/usr/sbin/audit shutdown' command to /etc/rc.shutdown.

AIX must start audit at boot.

Description

Remediation Templates

A Manual Procedure