4.9 Enable Kernel Level Auditing - Check audit policies is set to arge,argv,cnt

Information

Kernel-level auditing provides information on commands and system calls that are executed on the local system. The audit trail may be reviewed with the praudit command. Note that enabling kernel-level auditing on Solaris disables the automatic mounting of external devices via the Solaris volume manager daemon (vold).

Solution

Please refer to the CIS document, page 74, for the remediation steps for this check.

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: 10d2244db1b6b0c3acec2de9b50dfeec433d91f1fb5d92a653c4ad2064fdb2d6