
Enable the auditd service as necessary.


CONTROL ID: 04950
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception. (CC ID: 00880)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Ensure auditd is installed Description: auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access t… (4.1.1.1, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure auditd service is enabled and running Description: Turn on the `auditd` daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring. Remediation Procedu… (4.1.1.2, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Title: Enable auditd Service Description: Turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring. Fix Text: # chkconfig auditd on … (Rule: xccdf_org.cisecurity.benchmarks_rule_4.2.2_Enable_auditd_Service Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_4.2.2.1_service.auditd, The Center for Internet Security CentOS 6 Level 2 Benchmark, 1.0.0)
  • Ensure auditing is configured for the Docker daemon Description: Audit all Docker daemon activities. Rationale: As well as auditing the normal Linux file system and system calls, you should also audit the Docker daemon. Because this daemon runs with `root` privileges. It is very important to audit i… (1.2.3, The Center for Internet Security Docker Level 1 Linux Host OS Benchmark, v 1.2.0)
  • Ensure auditing is configured for the Docker daemon Description: Audit all Docker daemon activities. Rationale: As well as auditing the normal Linux file system and system calls, you should also audit the Docker daemon. Because this daemon runs with `root` privileges. It is very important to audit i… (1.2.3, The Center for Internet Security Docker Level 2 Linux Host OS Benchmark, v 1.2.0)
  • Title: Enable auditd Service Description: Turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring. Fix Text: # chkconfig auditd … (Rule: xccdf_org.cisecurity.benchmarks_rule_5.2.2_Enable_auditd_Service Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_5.2.2.1_service.auditd, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Title: Install and Enable auditd Service Description: Install and turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring. … (Rule: xccdf_org.cisecurity.benchmarks_rule_8.1.2_Install_and_Enable_auditd_Service Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_8.1.2.1_, The Center for Internet Security Ubuntu 12.04 LTS Level 2 Benchmark, v1.0.0)
  • Title: Install and Enable auditd Service Description: Install and turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring. … (Rule: xccdf_org.cisecurity.benchmarks_rule_8.1.2_Install_and_Enable_auditd_Service Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_8.1.2.2_service.auditd, The Center for Internet Security Ubuntu 12.04 LTS Level 2 Benchmark, v1.0.0)
  • Ensure auditd service is enabled Description: Turn on the `auditd` daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring. Remediation Procedure: Run the … (4.1.1.2, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • Ensure auditd is installed Description: auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access t… (4.1.1.1, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • The auditd service should be enabled or disabled as appropriate. Technical Mechanisms: via chkconfig Parameters: enabled / disabled References: Section: 2.6.2.1, Value: enabled CCE-U-203 (CCE-4292-9, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)