Ensure the audit Subsystem is Installed

An XCCDF Rule

Description

The audit package should be installed.

Rationale

The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.

ID: xccdf_org.ssgproject.content_rule_package_audit_installed
Severity: Medium
References: CCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000159 CCI-000169 CCI-000172 CCI-001464 CCI-001487 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001879 CCI-001880 CCI-001881 CCI-001882 CCI-001889 CCI-001914 CCI-002884 CCI-003938

164.308(a)(1)(ii)(D) 164.308(a)(5)(ii)(C) 164.310(a)(2)(iv) 164.310(d)(2)(iii) 164.312(b)

CIP-004-6 R3.3 CIP-007-3 R6.5

AC-7(a) AU-12(2) AU-14 AU-2(a) AU-7(1) AU-7(2) CM-6(a)

FAU_GEN.1

Req-10.1

SRG-OS-000037-GPOS-00015 SRG-OS-000038-GPOS-00016 SRG-OS-000039-GPOS-00017 SRG-OS-000040-GPOS-00018 SRG-OS-000041-GPOS-00019 SRG-OS-000042-GPOS-00021 SRG-OS-000051-GPOS-00024 SRG-OS-000054-GPOS-00025 SRG-OS-000062-GPOS-00031 SRG-OS-000122-GPOS-00063 SRG-OS-000254-GPOS-00095 SRG-OS-000255-GPOS-00096 SRG-OS-000337-GPOS-00129 SRG-OS-000348-GPOS-00136 SRG-OS-000349-GPOS-00137 SRG-OS-000350-GPOS-00138 SRG-OS-000351-GPOS-00139 SRG-OS-000352-GPOS-00140 SRG-OS-000353-GPOS-00141 SRG-OS-000354-GPOS-00142 SRG-OS-000358-GPOS-00145 SRG-OS-000365-GPOS-00152 SRG-OS-000392-GPOS-00172 SRG-OS-000475-GPOS-00220

R33 R73

10.2 10.2.1

SLEM-05-653010

SV-261410r996645_rule

CCE-93756-5
Updated: about 1 month ago

Remediation Templates

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-93756-5
  - DISA-STIG-SLEM-05-653010  - NIST-800-53-AC-7(a)
  - NIST-800-53-AU-12(2)
  - NIST-800-53-AU-14
  - NIST-800-53-AU-2(a)
  - NIST-800-53-AU-7(1)
  - NIST-800-53-AU-7(2)
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.1
  - PCI-DSSv4-10.2
  - PCI-DSSv4-10.2.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_audit_installed
- name: Ensure audit is installed
  package:
    name: audit
    state: present
  when: '"kernel-default" in ansible_facts.packages'
  tags:
  - CCE-93756-5
  - DISA-STIG-SLEM-05-653010
  - NIST-800-53-AC-7(a)
  - NIST-800-53-AU-12(2)
  - NIST-800-53-AU-14
  - NIST-800-53-AU-2(a)
  - NIST-800-53-AU-7(1)
  - NIST-800-53-AU-7(2)
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.1
  - PCI-DSSv4-10.2
  - PCI-DSSv4-10.2.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_audit_installed

include install_audit
class install_audit {
  package { 'audit':
    ensure => 'installed',
  }
}

[[packages]]
name = "audit"
version = "*"

# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel-default; then
zypper install -y "audit"

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ensure the audit Subsystem is Installed

Description

Rationale

Remediation Templates

An Ansible Snippet

A Puppet Snippet

OS Build Blueprint

A Shell Script