Title

The container platform must initiate session auditing upon startup. (Cat II impact)

Discussion

When the container platform is started, container platform components and user services can also be started. It is important that the container platform begin auditing on startup in order to handle container platform startup events along with events for container platform components and services that begin on startup.

Check Content

Review the container platform configuration for session audits. Ensure audit policy for session logging at startup is enabled. Verify events are written to the log. Validate system documentation is current. If the container platform is not configured to meet this requirement, this is a finding.

Fix Text

Configure the container platform to generate audit logs for session logging at startup. Revise all applicable system documentation.

Additional Identifiers

Rule ID: SV-233041r879562_rule

Vulnerability ID: V-233041

Group Title: SRG-APP-000092

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.