The Ubuntu operating system must initiate session audits at system startup.

An XCCDF Rule

Description

<VulnDiscussion>If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219149r610963_rule
Severity: Medium
References: CCI-001464
Updated: 9 months ago

Configure the Ubuntu operating system to produce audit records at system startup. 

Edit /etc/default/grub file and add "audit=1" to the GRUB_CMDLINE_LINUX option.

To update the grub config file run,
sudo update-grub

The Ubuntu operating system must initiate session audits at system startup.

Description

Remediation - Manual Procedure