4.1.1.2 Ensure auditd service is enabled and running

Information

Turn on the auditd daemon to record system events.

Rationale:

The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring.

Solution

Run the following command to enable and start auditd :

# systemctl --now enable auditd

See Also

https://workbench.cisecurity.org/files/3636

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2d., 800-53|AU-3, CCI|CCI-000126, CCI|CCI-000131, CSCv7|6.2, CSCv7|6.3, Rule-ID|SV-204503r603261_rule, STIG-ID|RHEL-07-030000

Plugin: Unix

Control ID: 652d6718c8ebe37e826e0431208ef631a79391dc29ce007ccd01b3d2ff40ad56