UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Auditing must be enabled at boot by setting a kernel parameter.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22598 GEN000000-LNX00720 SV-44759r1_rule ECSC-1 Low
Description
If auditing is enabled late in the boot process, the actions of startup scripts may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
STIG Date
SUSE Linux Enterprise Server v11 for System z 2012-12-13

Details

Check Text ( C-42264r1_chk )
Check for the audit=1 kernel parameter.
# grep 'audit=1' /proc/cmdline
If no results are returned, this is a finding.
Fix Text (F-38209r1_fix)
Edit the zipl boot loader configuration file /etc/zipl.conf and include "audit=1" in the kernel parameters list.
Run zipl to update the boot loader configuration:
# zipl
Reboot the system for the change to take effect.