Ensure the audit-libs package as a part of audit Subsystem is Installed

An XCCDF Rule

Description

The audit-libs package should be installed.

Rationale

The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.

ID: xccdf_org.ssgproject.content_rule_package_audit-libs_installed
Severity: Medium
References: CCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000169 CCI-000172 CCI-001464 CCI-001487 CCI-001814 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001879 CCI-001880 CCI-001881 CCI-001882 CCI-001889 CCI-001914 CCI-002884

CIP-004-6 R3.3 CIP-007-3 R6.5

AC-7(a) AU-12(2) AU-14 AU-2(a) AU-7(1) AU-7(2) CM-6(a)

FAU_GEN.1

Req-10.2.1

SRG-OS-000037-GPOS-00015 SRG-OS-000038-GPOS-00016 SRG-OS-000039-GPOS-00017 SRG-OS-000040-GPOS-00018 SRG-OS-000041-GPOS-00019 SRG-OS-000042-GPOS-00021 SRG-OS-000051-GPOS-00024 SRG-OS-000054-GPOS-00025 SRG-OS-000062-GPOS-00031 SRG-OS-000122-GPOS-00063 SRG-OS-000254-GPOS-00095 SRG-OS-000255-GPOS-00096 SRG-OS-000337-GPOS-00129 SRG-OS-000348-GPOS-00136 SRG-OS-000349-GPOS-00137 SRG-OS-000350-GPOS-00138 SRG-OS-000351-GPOS-00139 SRG-OS-000352-GPOS-00140 SRG-OS-000353-GPOS-00141 SRG-OS-000354-GPOS-00142 SRG-OS-000358-GPOS-00145 SRG-OS-000365-GPOS-00152 SRG-OS-000392-GPOS-00172 SRG-OS-000475-GPOS-00220

6.3.1.1
Updated: about 1 month ago

Remediation Templates

package install audit-libs

- name: Ensure audit-libs is installed
  package:
    name: audit-libs
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:  - NIST-800-53-AC-7(a)
  - NIST-800-53-AU-12(2)
  - NIST-800-53-AU-14
  - NIST-800-53-AU-2(a)
  - NIST-800-53-AU-7(1)
  - NIST-800-53-AU-7(2)
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.2.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_audit-libs_installed

package --add=audit-libs

include install_audit-libs
class install_audit-libs {
  package { 'audit-libs':
    ensure => 'installed',
  }
}

[[packages]]
name = "audit-libs"
version = "*"

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
if ! rpm -q --quiet "audit-libs" ; then
    dnf install -y "audit-libs"
fi
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ensure the audit-libs package as a part of audit Subsystem is Installed

Description

Rationale

Remediation Templates

script:kickstart

An Ansible Snippet

Anaconda Pre-Install Instructions

A Puppet Snippet

OS Build Blueprint

A Shell Script