AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.

Information

Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.

At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Reset the audit system with the following command:
# /usr/sbin/audit shutdown

Start the audit system with the following command:
# /usr/sbin/audit start

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R9_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3(1), CAT|II, CCI|CCI-000135, Rule-ID|SV-215240r508663_rule, STIG-ID|AIX7-00-002006, STIG-Legacy|SV-101355, STIG-Legacy|V-91255, Vuln-ID|V-215240

Plugin: Unix

Control ID: 20b7ada2ec940809ddd8b4d25fff753a813f5918a5cf227233816dc9a3372464