UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

AIX must start audit at boot.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215247 AIX7-00-002023 SV-215247r508663_rule Medium
Description
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2021-03-10

Details

Check Text ( C-16445r294192_chk )
Check if /etc/rc contains the following line:
/usr/sbin/audit start

# grep "audit start" /etc/rc
/usr/sbin/audit start

If a result is not returned, this is a finding.
Fix Text (F-16443r294193_fix)
To start auditing at system startup, add the following line to the /etc/rc file, just prior to the line reading dspmsg rc.cat 5 'Multi-user initialization completed':
/usr/sbin/audit start

Symmetrically add the '/usr/sbin/audit shutdown' command to /etc/rc.shutdown.