Check: SRG-OS-000042-GPOS-00020
General Purpose Operating System SRG: SRG-OS-000042-GPOS-00020 (in versions v3 r1 through v1 r6)
Title
The operating system must generate audit records containing the full-text recording of privileged commands. (Cat II impact)
Discussion
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
Check Content
Verify the operating system generates audit records containing the full-text recording of privileged commands. If it does not, this is a finding.
Fix Text
Configure the operating system to generate audit records containing the full-text recording of privileged commands.
Additional Identifiers
Rule ID: SV-203609r958422_rule
Vulnerability ID: V-203609
Group Title: SRG-OS-000042
CCIs
Number | Definition |
---|---|
CCI-000135 | Generate audit records containing the organization-defined additional information that is to be included in the audit records. |
Controls
Number | Title |
---|---|
AU-3(1) | Additional Audit Information |