The Ubuntu operating system must initiate session audits at system start-up.

An XCCDF Rule

Description

<VulnDiscussion>If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-238299r654072_rule
Severity: Medium
References: CCI-001464
Updated: 8 months ago

Configure the Ubuntu operating system to produce audit records at system startup.  
 
Edit the "/etc/default/grub" file and add "audit=1" to the "GRUB_CMDLINE_LINUX" option. 
 
To update the grub config file, run: 
 $ sudo update-grub

The Ubuntu operating system must initiate session audits at system start-up.

Description

Remediation - Manual Procedure