The Photon operating system must enable the auditd service.

An XCCDF Rule

Description

Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that end, the auditd service must be configured to start automatically and be running at all times.

Satisfies: SRG-OS-000039-GPOS-00017, SRG-OS-000040-GPOS-00018, SRG-OS-000041-GPOS-00019, SRG-OS-000042-GPOS-00021, SRG-OS-000062-GPOS-00031, SRG-OS-000255-GPOS-00096, SRG-OS-000363-GPOS-00150, SRG-OS-000365-GPOS-00152, SRG-OS-000446-GPOS-00200

ID
SV-258808r1003628_rule
Version
PHTN-40-000016
Severity
Medium
Updated

Remediation Templates

A Manual Procedure

At the command line, run the following commands:

# systemctl enable auditd
# systemctl start auditd
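
The rule has two separate conditions (start automatically, and be running now), and a host can satisfy one without the other. The following check is an added example, not part of the STIG text: it reports which condition fails. The function name check_auditd, its return codes and the SYSTEMCTL override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify both conditions of PHTN-40-000016 for auditd.
# SYSTEMCTL is an assumption of this example: an override hook so the check
# can be exercised against a stub. It defaults to the real systemctl.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# Prints one finding line and returns:
#   0 = enabled and active (compliant)
#   1 = active now but not enabled (auditing is lost at the next reboot)
#   2 = enabled but not running (no audit records are being generated)
#   3 = neither enabled nor running
check_auditd() {
    unit="${1:-auditd}"
    # is-enabled and is-active print the state name on stdout; their exit
    # status may be non-zero, so keep the output and ignore the status.
    enabled="$("$SYSTEMCTL" is-enabled "$unit" 2>/dev/null || true)"
    active="$("$SYSTEMCTL" is-active "$unit" 2>/dev/null || true)"

    # Strict choice made by this example: only the exact state "enabled"
    # passes. States such as disabled, masked or enabled-runtime do not
    # give a persistent start at boot.
    if [ "$enabled" = "enabled" ] && [ "$active" = "active" ]; then
        echo "PASS: $unit is enabled and active"
        return 0
    elif [ "$active" = "active" ]; then
        echo "FAIL: $unit is active but is-enabled reports '${enabled:-unknown}'"
        return 1
    elif [ "$enabled" = "enabled" ]; then
        echo "FAIL: $unit is enabled but is-active reports '${active:-unknown}'"
        return 2
    else
        echo "FAIL: $unit is-enabled='${enabled:-unknown}' is-active='${active:-unknown}'"
        return 3
    fi
}

# Usage (as root or any user allowed to query systemd):
#   check_auditd || echo "remediate with: systemctl enable auditd; systemctl start auditd"
```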