Information
NOTE: Update the value of CIS_AUDIT_CLASS with the appropriate value for the local environment.
Solution
To enforce this setting, use the command:
# auditconfig -conf
# auditconfig -setflags lo,ad,ft,ex,cis
# auditconfig -setnaflags lo
# auditconfig -setpolicy cnt,argv,zonename
# auditconfig -setplugin audit_binfile active p_minfree=1
# audit -s
# rolemod -K audit_flags=lo,ad,ft,ex,cis:no root
# EDITOR=ed crontab -e root << END_CRON
$ a 0 * * * * /usr/sbin/audit -n .
w q
END_CRON
# chown root:root /var/audit
# chmod 750 /var/audit