AlmaLinux OS 9 must produce audit records containing information to establish the identity of any individual or process associated with the event.

An XCCDF Rule

Description

Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event.

ID
SV-269468r1050351_rule
Version
ALMA-09-046880
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Edit the /etc/audit/auditd.conf file and add or update the "log_format" option:

log_format = ENRICHED

The audit daemon must be restarted for changes to take effect.
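
A check for this setting, as an added example that is not part of the STIG text: it reports the log_format value that the procedure above should leave in /etc/audit/auditd.conf. The function names are hypothetical, and the script assumes that auditd matches the keyword and value case-insensitively and that the last uncommented occurrence of a key wins.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Function names are hypothetical.
# Assumption: auditd matches keyword and value case-insensitively, and the
# last uncommented occurrence of a key is the one that takes effect.

# Print the effective log_format value (upper-cased) from the given file,
# or nothing if the option is not set.
effective_log_format() {
    awk -F= '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "log_format") {
                val = $2; gsub(/[ \t]/, "", val)
                last = toupper(val)          # a later line overrides an earlier one
            }
        }
        END { if (last != "") print last }
    ' "$1"
}

# Return 0 only when the effective value is ENRICHED.
check_log_format() {
    conf=${1:-/etc/audit/auditd.conf}
    fmt=$(effective_log_format "$conf")
    case "$fmt" in
        ENRICHED) echo "PASS: $conf sets log_format = ENRICHED"; return 0 ;;
        "")       echo "FAIL: $conf does not set log_format";    return 1 ;;
        *)        echo "FAIL: $conf sets log_format = $fmt";     return 1 ;;
    esac
}

# Constructed sample file (not taken from a real host): the commented-out RAW
# line is ignored and the mixed-case ENRICHED line is the effective setting.
sample=$(mktemp)
printf '%s\n' \
    '# log_format = RAW' \
    'log_file = /var/log/audit/audit.log' \
    'Log_Format = enriched' > "$sample"
check_log_format "$sample"
rm -f "$sample"
```

Call check_log_format with no argument to check /etc/audit/auditd.conf on the host. It reads only the file, so a PASS does not show that the daemon has been restarted since the edit.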