UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Auditing must be enabled at boot by setting a kernel parameter.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22598 GEN000000-LNX00720 SV-27001r1_rule ECSC-1 Low
Description
If auditing is enabled late in the boot process, the actions of startup scripts may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2013-01-17

Details

Check Text ( C-36032r1_chk )
Check for the audit=1 kernel parameter.
# grep 'audit=1' /proc/cmdline
If no results are returned, this is a finding.
Fix Text (F-31278r1_fix)
Edit the grub bootloader file /boot/grub/grub.conf or /boot/grub/menu.lst by appending the "audit=1" parameter to the kernel boot line.
Reboot the system for the change to take effect.