AIX7-00-002023 - AIX must start audit at boot.

Information

If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

Solution

To start auditing at system startup, add the following line to the /etc/rc file, just prior to the line reading dspmsg rc.cat 5 'Multi-user initialization completed':
/usr/sbin/audit start

Symmetrically add the '/usr/sbin/audit shutdown' command to /etc/rc.shutdown.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R5_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-14(1), CAT|II, CCI|CCI-001464, Rule-ID|SV-215247r508663_rule, STIG-ID|AIX7-00-002023, STIG-Legacy|SV-101561, STIG-Legacy|V-91463, Vuln-ID|V-215247

Plugin: Unix

Control ID: dc1fbc9dd897320243b0830faa119f8d60fbc35f3526798de1865b8e060510c3