Skip to content

Log USBGuard daemon audit events using Linux Audit

An XCCDF Rule

Description

To configure USBGuard daemon to log via Linux Audit (as opposed directly to a file), AuditBackend option in /etc/usbguard/usbguard-daemon.conf needs to be set to LinuxAudit.

Rationale

Using the Linux Audit logging allows for centralized trace of events.

ID
xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend
Severity
Low
References
Updated



Remediation - Kubernetes Patch

---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  annotations:
    complianceascode.io/depends-on: xccdf_org.ssgproject.content_rule_package_usbguard_installed