4.4 Enable Auditing of Process and Privilege Events - AUE_SETPPRIV : cis

Information

NOTE: Update the value of CIS_AUDIT_CLASS with the appropriate value for the local environment.

Solution

To enforce this setting, edit the /etc/security/audit_event file and add the cis audit class to the following audit events:
AUE_CHROOT
AUE_SETREUID
AUE_SETREGID
AUE_FCHROOT
AUE_PFEXEC
AUE_SETUID
AUE_NICE
AUE_SETGID
AUE_PRIOCNTLSYS
AUE_SETEGID
AUE_SETEUID
AUE_SETPPRIV
AUE_SETSID
AUE_SETPGID

See Also

https://workbench.cisecurity.org/files/612

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: 25f4792ceb8d6c0d00452f7b7f52a946b6c7912e6e611d5d48136dfbe3fa02f7