Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of SUSE Linux Enterprise 15
System Settings
System Accounting with auditd
Configure auditd Rules for Comprehensive Auditing
Remove Default Configuration to Disable Syscall Auditing
Remove Default Configuration to Disable Syscall Auditing
An XCCDF Rule
Details
Profiles
Prose
Remove Default Configuration to Disable Syscall Auditing
Medium Severity
By default, SUSE Linux Enterprise 15 ships an audit rule to disable syscall auditing for performance reasons. To make sure that syscall auditing works, this line must be removed from
/etc/audit/rules.d/audit.rules
and
/etc/audit/audit.rules
:
-a task,never