Skip to content

Ensure the audit Subsystem is Installed

An XCCDF Rule

Description

The audit package should be installed.

Rationale

The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.

ID
xccdf_org.ssgproject.content_rule_package_audit_installed
Severity
Medium
References
Updated



Remediation - Anaconda Pre-Install Instructions


package --add=audit

Remediation - OS Build Blueprint


[[packages]]
name = "audit"
version = "*"

Remediation - Ansible

- name: Ensure audit is installed
  package:
    name: audit
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:

Remediation - Puppet

include install_audit

class install_audit {
  package { 'audit':
    ensure => 'installed',
  }

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if ! rpm -q --quiet "audit" ; then
    dnf install -y "audit"
fi