An error occurred:

Check: SRG-OS-000042-GPOS-00020

General Purpose Operating System SRG: SRG-OS-000042-GPOS-00020 (in versions v2 r7 through v1 r4)

Title

The operating system must generate audit records containing the full-text recording of privileged commands. (Cat II impact)

Discussion

Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.

Check Content

Verify the operating system generates audit records containing the full-text recording of privileged commands. If it does not, this is a finding.

Fix Text

Configure the operating system to generate audit records containing the full-text recording of privileged commands.

Additional Identifiers

Rule ID: SV-203609r557085_rule

Vulnerability ID: V-203609

Group Title: SRG-OS-000042

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000135

The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-3 (1)

Additional Audit Information