Information
Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises or attacks that have occurred, has begun, or is about to begin. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised.
Solution
Perform the following to implement the prescribed state:
Open a terminal session and edit the /etc/security/audit_control file
Find the line beginning with 'flags'
Add the following flags: lo,ad,fd,fm,-all.
Save the file.