Ensure the audit-libs package as a part of audit Subsystem is Installed

An XCCDF Rule

Description

The audit-libs package should be installed.

Rationale

The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.

ID: xccdf_org.ssgproject.content_rule_package_audit-libs_installed
Severity: Medium
References: CCI-000130 CCI-000131 CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000154 CCI-000158 CCI-000169 CCI-000172 CCI-001464 CCI-001487 CCI-001875 CCI-001876 CCI-001877 CCI-001878 CCI-001879 CCI-001880 CCI-001881 CCI-001882 CCI-001889 CCI-001914 CCI-002884 CCI-003938

CIP-004-6 R3.3 CIP-007-3 R6.5

AC-7(a) AU-12(2) AU-14 AU-2(a) AU-7(1) AU-7(2) CM-6(a)

Req-10.2.1

SRG-OS-000037-GPOS-00015 SRG-OS-000038-GPOS-00016 SRG-OS-000039-GPOS-00017 SRG-OS-000040-GPOS-00018 SRG-OS-000041-GPOS-00019 SRG-OS-000042-GPOS-00021 SRG-OS-000051-GPOS-00024 SRG-OS-000054-GPOS-00025 SRG-OS-000062-GPOS-00031 SRG-OS-000122-GPOS-00063 SRG-OS-000254-GPOS-00095 SRG-OS-000255-GPOS-00096 SRG-OS-000337-GPOS-00129 SRG-OS-000348-GPOS-00136 SRG-OS-000349-GPOS-00137 SRG-OS-000350-GPOS-00138 SRG-OS-000351-GPOS-00139 SRG-OS-000352-GPOS-00140 SRG-OS-000353-GPOS-00141 SRG-OS-000354-GPOS-00142 SRG-OS-000358-GPOS-00145 SRG-OS-000365-GPOS-00152 SRG-OS-000392-GPOS-00172 SRG-OS-000475-GPOS-00220

6.3.1.1
Updated: about 1 month ago

Remediation Templates

include install_audit-libs
class install_audit-libs {
  package { 'audit-libs':
    ensure => 'installed',
  }
}

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - NIST-800-53-AC-7(a)
  - NIST-800-53-AU-12(2)  - NIST-800-53-AU-14
  - NIST-800-53-AU-2(a)
  - NIST-800-53-AU-7(1)
  - NIST-800-53-AU-7(2)
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.2.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_audit-libs_installed
- name: Ensure audit-libs is installed
  package:
    name: audit-libs
    state: present
  when: '"kernel" in ansible_facts.packages'
  tags:
  - NIST-800-53-AC-7(a)
  - NIST-800-53-AU-12(2)
  - NIST-800-53-AU-14
  - NIST-800-53-AU-2(a)
  - NIST-800-53-AU-7(1)
  - NIST-800-53-AU-7(2)
  - NIST-800-53-CM-6(a)
  - PCI-DSS-Req-10.2.1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_audit-libs_installed

package install audit-libs

[[packages]]
name = "audit-libs"
version = "*"

dnf install audit-libs

package --add=audit-libs

# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel; then
if ! rpm -q --quiet "audit-libs" ; then
    dnf install -y "audit-libs"
fi
else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ensure the audit-libs package as a part of audit Subsystem is Installed

Description

Rationale

Remediation Templates

A Puppet Snippet

An Ansible Snippet

script:kickstart

OS Build Blueprint

script:bootc

Anaconda Pre-Install Instructions

A Shell Script