UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Photon operating system must enable the auditd service.


Overview

Finding ID Version Rule ID IA Controls Severity
V-258808 PHTN-40-000016 SV-258808r933485_rule Medium
Description
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that end, the auditd service must be configured to start automatically and be running at all times. Satisfies: SRG-OS-000039-GPOS-00017, SRG-OS-000040-GPOS-00018, SRG-OS-000041-GPOS-00019, SRG-OS-000042-GPOS-00021, SRG-OS-000062-GPOS-00031, SRG-OS-000255-GPOS-00096, SRG-OS-000363-GPOS-00150, SRG-OS-000365-GPOS-00152, SRG-OS-000446-GPOS-00200
STIG Date
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide 2023-10-29

Details

Check Text ( C-62548r933483_chk )
At the command line, run the following command to verify auditd is enabled and running:

# systemctl status auditd

If the service is not enabled and running, this is a finding.
Fix Text (F-62457r933484_fix)
At the command line, run the following commands:

# systemctl enable auditd
# systemctl start auditd