Detections
Analytics
UBTU-20-010198 - The Ubuntu operating system must initiate session audits at system start-up.
Information
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.Solution
Configure the Ubuntu operating system to produce audit records at system startup.Edit the "/etc/default/grub" file and add "audit=1" to the "GRUB_CMDLINE_LINUX" option and to the "GRUB_CMDLINE_LINUX_DEFAULT" option.
GRUB_CMDLINE_LINUX_DEFAULT="audit=1"
GRUB_CMDLINE_LINUX="audit=1"
To update the grub config file, run:
$ sudo update-grub
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_20-04_LTS_V2R4_STIG.zip
Item Details
Audit Name: DISA Canonical Ubuntu 20.04 LTS STIG v2r4
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-14(1), CAT|II, CCI|CCI-001464, Rule-ID|SV-238299r1069095_rule, STIG-ID|UBTU-20-010198, Vuln-ID|V-238299
Plugin: Unix
Control ID: 9f359f738220911418b9260bd48bad873265b49205ae897e0d7324eb19638b86