GEN000000-SOL00040 - The /etc/security/audit_user file must not define a different auditing level for specific users.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The audit_user file may be used to selectively audit more, or fewer, auditing features for specific individuals. If used this way it could subject the activity to a lawsuit and could cause the loss of valuable auditing data in the case of a system compromise. If an item is audited for one individual (other than for root and administrative users - who have more auditing features) it must be audited for all.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Edit the audit_user file and remove specific user configurations differing from the global audit settings.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R2_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3(1), CAT|II, CCI|CCI-000172, CSCv6|6.2, Rule-ID|SV-226406r603265_rule, STIG-ID|GEN000000-SOL00040, STIG-Legacy|SV-4353, STIG-Legacy|V-4353, Vuln-ID|V-226406

Plugin: Unix

Control ID: 0519b4f3932f5ef81b19a9d29b2a908eef372f5f81281b16657bdc22059a82d2