4.4 Enable Auditing of Process and Privilege Events - AUE_SETEGID : cis

Information

NOTE: Update the value of CIS_AUDIT_CLASS with the appropriate value for the local environment.

Solution

To enforce this setting, edit the /etc/security/audit_event file and add the cis audit class to the following audit events:
AUE_CHROOT
AUE_SETREUID
AUE_SETREGID
AUE_FCHROOT
AUE_PFEXEC
AUE_SETUID
AUE_NICE
AUE_SETGID
AUE_PRIOCNTLSYS
AUE_SETEGID
AUE_SETEUID
AUE_SETPPRIV
AUE_SETSID
AUE_SETPGID

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: 0292ba6a6ed5be31af610c4f7087411bb7db80bd7de5a4282781e221e614a817