Configure the "audit processes that start prior to auditd" setting to organizational standards.


CONTROL ID
09947
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Red Hat Enterprise Linux to Organizational Standards., CC ID: 08713

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Ensure auditing for processes that start prior to auditd is enabled Description: Configure `grub` so that processes that are capable of being audited can be audited even if they start up prior to `auditd` startup. Rationale: Audit events need to be captured on processes that start up prior to `audit… (4.1.1.3, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Title: Enable Auditing for Processes That Start Prior to auditd Description: Configure grub so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Rationale: Audit events need to be captured on processes that start up prior to auditd, so… (Rule: xccdf_org.cisecurity.benchmarks_rule_4.2.3_Enable_Auditing_for_Processes_That_Start_Prior_to_auditd Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_4.2.3.1_grubconf.kernel.audit, The Center for Internet Security CentOS 6 Level 2 Benchmark, 1.0.0)
  • Title: Enable Auditing for Processes That Start Prior to auditd Description: Configure grub so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Rationale: Audit events need to be captured on processes that start up prior to auditd, … (Rule: xccdf_org.cisecurity.benchmarks_rule_5.2.3_Enable_Auditing_for_Processes_That_Start_Prior_to_auditd Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_5.2.3.1_grubconf.kernel.audit, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Title: Enable Auditing for Processes That Start Prior to auditd Description: Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Rationale: Audit events need to be captured on processes that start up pri… (Rule: xccdf_org.cisecurity.benchmarks_rule_8.1.3_Enable_Auditing_for_Processes_That_Start_Prior_to_auditd Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_8.1.3.1_grubconf.kernel.audit, The Center for Internet Security Ubuntu 12.04 LTS Level 2 Benchmark, v1.0.0)
  • Ensure auditing for processes that start prior to auditd is enabled Description: Configure `grub2` so that processes that are capable of being audited can be audited even if they start up prior to `auditd` startup. Rationale: Audit events need to be captured on processes that start up prior to `audi… (4.1.1.3, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)