GEN000000-LNX00720 - Auditing must be enabled at boot by setting a kernel parameter.

Information

If auditing is enabled late in the boot process, the actions of startup scripts may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

Solution

Edit the grub bootloader file /boot/grub/grub.conf or /boot/grub/menu.lst by appending the 'audit=1' parameter to the kernel boot line.
Reboot the system for the change to take effect.

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCE|CCE-15026-8, CCI|CCI-000366, Group-ID|V-22598, Rule-ID|SV-27001r1_rule, STIG-ID|GEN000000-LNX00720, Vuln-ID|V-22598

Plugin: Unix

Control ID: 09b2a3e16b57d6e821bf790b84dd4dcf287fb3f080bcf0489f29c7d9dff1f823