Ensure the libaudit1 package as a part of audit Subsystem is Installed
An XCCDF Rule
Description
The libaudit1 package should be installed.
Rationale
The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.
- ID
- xccdf_org.ssgproject.content_rule_package_audit-libs_installed
- Severity
- Medium
- References
-
SRG-OS-000037-GPOS-00015
SRG-OS-000038-GPOS-00016
SRG-OS-000039-GPOS-00017
SRG-OS-000040-GPOS-00018
SRG-OS-000041-GPOS-00019
SRG-OS-000042-GPOS-00021
SRG-OS-000051-GPOS-00024
SRG-OS-000054-GPOS-00025
SRG-OS-000062-GPOS-00031
SRG-OS-000122-GPOS-00063
SRG-OS-000254-GPOS-00095
SRG-OS-000255-GPOS-00096
SRG-OS-000337-GPOS-00129
SRG-OS-000348-GPOS-00136
SRG-OS-000349-GPOS-00137
SRG-OS-000350-GPOS-00138
SRG-OS-000351-GPOS-00139
SRG-OS-000352-GPOS-00140
SRG-OS-000353-GPOS-00141
SRG-OS-000354-GPOS-00142
SRG-OS-000358-GPOS-00145
SRG-OS-000365-GPOS-00152
SRG-OS-000392-GPOS-00172
SRG-OS-000475-GPOS-00220
- Updated
Remediation - Puppet
include install_libaudit1
class install_libaudit1 {
package { 'libaudit1':
ensure => 'installed',
}
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
zypper install -y "libaudit1"
else
Remediation - OS Build Blueprint
[[packages]]
name = "libaudit1"
version = "*"
Remediation - Ansible
- name: Ensure libaudit1 is installed
package:
name: libaudit1
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags: