Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22598 | GEN000000-LNX00720 | SV-27001r1_rule | ECSC-1 | Low |
Description |
---|
If auditing is enabled late in the boot process, the actions of startup scripts may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2015-03-12 |
Check Text ( C-36032r1_chk ) |
---|
Check for the audit=1 kernel parameter. # grep 'audit=1' /proc/cmdline If no results are returned, this is a finding. |
Fix Text (F-31278r1_fix) |
---|
Edit the grub bootloader file /boot/grub/grub.conf or /boot/grub/menu.lst by appending the "audit=1" parameter to the kernel boot line. Reboot the system for the change to take effect. |