Check: UBTU-20-010198
Canonical Ubuntu 20.04 LTS STIG:
UBTU-20-010198
(in versions v1 r12 through v1 r1)
Title
The Ubuntu operating system must initiate session audits at system start-up. (Cat II impact)
Discussion
If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Check Content
Verify that the Ubuntu operating system enables auditing at system startup. Verify that the auditing is enabled in grub with the following command: $ sudo grep "^\s*linux" /boot/grub/grub.cfg linux /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro audit=1 linux /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro recovery nomodeset audit=1 If any linux lines do not contain "audit=1", this is a finding.
Fix Text
Configure the Ubuntu operating system to produce audit records at system startup. Edit the "/etc/default/grub" file and add "audit=1" to the "GRUB_CMDLINE_LINUX" option. To update the grub config file, run: $ sudo update-grub
Additional Identifiers
Rule ID: SV-238299r654072_rule
Vulnerability ID: V-238299
Group Title: SRG-OS-000254-GPOS-00095
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001464 |
The information system initiates session audits at system start-up. |
Controls
Number | Title |
---|---|
AU-14 (1) |
System Start-Up |