The Photon operating system must configure auditd to use the correct log format.

An XCCDF Rule

Details
Profiles

Description

To compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know exact, unfiltered details of the event in question.

ID: SV-256488r958414_rule
Version: PHTN-30-000011
Severity: Medium
References: CCI-000131
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/audit/auditd.conf

Ensure the "log_format" line is uncommented and set to the following:
log_format = RAW

At the command line, run the following command:

# killproc auditd -TERM
# systemctl start auditd

The Photon operating system must configure auditd to use the correct log format.

Description

Remediation Templates

A Manual Procedure