The Photon operating system must enable the auditd service.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-258808 | SRG-OS-000039-GPOS-00017 | PHTN-40-000016 | SV-258808r1003628_rule | 2024-07-11 | 2 |
Description
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that end, the auditd service must be configured to start automatically and be running at all times.
Satisfies: SRG-OS-000039-GPOS-00017, SRG-OS-000040-GPOS-00018, SRG-OS-000041-GPOS-00019, SRG-OS-000042-GPOS-00021, SRG-OS-000062-GPOS-00031, SRG-OS-000255-GPOS-00096, SRG-OS-000363-GPOS-00150, SRG-OS-000365-GPOS-00152, SRG-OS-000446-GPOS-00200
ℹ️ Check
At the command line, run the following command to verify auditd is enabled and running:
# systemctl status auditd
If the service is not enabled and running, this is a finding.
✔️ Fix
At the command line, run the following commands:
# systemctl enable auditd
# systemctl start auditd