Enable Process Accounting (psacct)

An XCCDF Rule

Description

The process accounting service, psacct, works with programs including acct and ac to allow system administrators to view user activity, such as commands issued by users of the system. The psacct service can be enabled with the following command:

$ sudo systemctl enable psacct.service

Rationale

The psacct service can provide administrators a convenient view into some user activities. However, it should be noted that the auditing system and its audit records provide more authoritative and comprehensive records.

ID: xccdf_org.ssgproject.content_rule_service_psacct_enabled
Severity: Low
References: 1 11 12 13 14 15 16 2 3 5 6 7 8 9

APO10.01 APO10.03 APO10.04 APO10.05 APO11.04 BAI03.05 BAI10.01 BAI10.02 BAI10.03 BAI10.05 DSS01.03 DSS03.05 DSS05.02 DSS05.04 DSS05.05 DSS05.07 DSS06.06 MEA01.01 MEA01.02 MEA01.03 MEA01.04 MEA01.05 MEA02.01

4.3.2.6.7 4.3.3.3.9 4.3.3.5.1 4.3.3.5.2 4.3.3.5.3 4.3.3.5.4 4.3.3.5.5 4.3.3.5.6 4.3.3.5.7 4.3.3.5.8 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.1 4.3.3.7.2 4.3.3.7.3 4.3.3.7.4 4.3.4.3.2 4.3.4.3.3 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 1.1 SR 1.10 SR 1.11 SR 1.12 SR 1.13 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.6 SR 1.7 SR 1.8 SR 1.9 SR 2.1 SR 2.10 SR 2.11 SR 2.12 SR 2.2 SR 2.3 SR 2.4 SR 2.5 SR 2.6 SR 2.7 SR 2.8 SR 2.9 SR 6.1 SR 6.2 SR 7.6

A.12.1.2 A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.5.1 A.12.6.2 A.12.7.1 A.14.2.2 A.14.2.3 A.14.2.4 A.14.2.7 A.15.2.1 A.15.2.2 A.9.1.2

AU-12(a) CM-6(a)

DE.CM-1 DE.CM-3 DE.CM-7 ID.SC-4 PR.IP-1 PR.PT-1 PR.PT-3

CCE-82401-1
Updated: 5 days ago

include enable_psacct

class enable_psacct {
  service {'psacct':
    enable => true,
    ensure => 'running',  }
}

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-82401-1
  - NIST-800-53-AU-12(a)  - NIST-800-53-CM-6(a)
  - enable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - service_psacct_enabled

- name: Enable Process Accounting (psacct) - Enable service psacct
  block:

  - name: Gather the package facts
    package_facts:
      manager: auto

  - name: Enable Process Accounting (psacct) - Enable Service psacct
    ansible.builtin.systemd:
      name: psacct
      enabled: true
      state: started
      masked: false
    when:
    - '"psacct" in ansible_facts.packages'
  when: '"kernel" in ansible_facts.packages'
  tags:
  - CCE-82401-1
  - NIST-800-53-AU-12(a)
  - NIST-800-53-CM-6(a)
  - enable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - service_psacct_enabled


service enable psacct


[customizations.services]
enabled = ["psacct"]

# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'psacct.service'
"$SYSTEMCTL_EXEC" start 'psacct.service'"$SYSTEMCTL_EXEC" enable 'psacct.service'

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Enable Process Accounting (psacct)

Description

Rationale

Remediation - Puppet

Remediation - Ansible

Remediation - script:kickstart

Remediation - OS Build Blueprint

Remediation - Shell Script