OL6-00-000145 - The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event - PROCESS_CHECK

Information

Ensuring the 'auditd' service is active ensures audit records generated by the kernel can be written to disk, or that appropriate actions will be taken if other obstacles exist.

Solution

The 'auditd' service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The 'auditd' service can be enabled with the following commands:

# chkconfig auditd on
# service auditd start

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V2R7_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CAT|II, CCI|CCI-001487, Rule-ID|SV-208875r793660_rule, STIG-ID|OL6-00-000145, STIG-Legacy|SV-65233, STIG-Legacy|V-51027, Vuln-ID|V-208875

Plugin: Unix

Control ID: f871372cb820cb6a1cc5592b8df3ec70301217b2dc6e34eac0bedd750a2efa8a