Detections
Analytics

1.269 OL08-00-030603

Information

OL 8 must enable Linux audit logging for the USBGuard daemon.

GROUP ID: V-248805
RULE ID: SV-248805r991579

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.

Audit records can be generated from various components within the information system (e.g., module or policy filter).

Solution

Configure OL 8 to enable Linux audit logging of the USBGuard daemon by adding or modifying the following line in "/etc/usbguard/usbguard-daemon.conf":

AuditBackend=LinuxAudit

See Also

https://workbench.cisecurity.org/benchmarks/23791

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CAT|II, CCI|CCI-000172, Rule-ID|SV-248805r991579_rule, STIG-ID|OL08-00-030603, Vuln-ID|V-248805

Plugin: Unix

Control ID: 9248ab8f9204ee402946ba990cfae7167ea9c08efbaeed182a1f8c43b4ac34d1