5.3.6 Enable Auditing for Processes That Start Prior to auditd 'kernel .* audit = 1'

Information

Configuration Level : Level-II

Solution

# ed /etc/grub.conf << END
g/audit=1/s///g
g/kernel/s/$/ audit=1/
w
q
END
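
An added example (not part of the CIS benchmark text or of this audit item): a POSIX shell check that confirms the edit above took effect, i.e. that every active kernel line in the legacy GRUB configuration carries the exact boot parameter audit=1. The function names and the sample configuration are constructed for illustration; the default path is the /etc/grub.conf used in the solution.

```shell
#!/bin/sh
# check_grub_audit [FILE]
# Exit status: 0 = every active kernel line has audit=1
#              1 = at least one active kernel line lacks it (lines are printed)
#              2 = file unreadable or no active kernel line found
check_grub_audit() {
    conf="${1:-/etc/grub.conf}"
    [ -r "$conf" ] || return 2
    awk '
        # Comparing the first field skips commented-out entries
        # ("#kernel ..." or "# kernel ...") without a separate rule.
        $1 == "kernel" {
            seen++
            ok = 0
            for (i = 2; i <= NF; i++)
                if ($i == "audit=1") ok = 1   # exact token, so audit=10 does not count
            if (!ok) {
                missing++
                printf "line %d lacks audit=1: %s\n", NR, $0
            }
        }
        END {
            if (!seen) exit 2
            exit (missing ? 1 : 0)
        }
    ' "$conf"
}

# Writes a constructed sample grub.conf to the path given as $1.
# Entry A is compliant, entry B is not (audit=10 is a different value),
# and the commented-out kernel line must be ignored.
write_sample_grub_conf() {
    cat > "$1" <<'EOF'
default=0
timeout=5
title Constructed entry A
    root (hd0,0)
    kernel /vmlinuz-A ro root=/dev/sda1 audit=1
    initrd /initrd-A.img
title Constructed entry B
    root (hd0,0)
    kernel /vmlinuz-B ro root=/dev/sda1 audit=10
    initrd /initrd-B.img
#   kernel /vmlinuz-old ro root=/dev/sda1
EOF
}
```

Run check_grub_audit with no argument on the target host after applying the solution; a non-zero status means a boot entry would still start processes unaudited until auditd comes up.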

See Also

https://workbench.cisecurity.org/files/214

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-14(1), 800-53|SI-7(9), CCE|CCE-15026-8

Plugin: Unix

Control ID: 561faccf144e4150b543a466c7310f283f719e01f6e77ba24406b61bfb5d70ba