Title

The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods. (Cat II impact)

Discussion

Ensuring the "auditd" service is active ensures audit records generated by the kernel can be written to disk, or that appropriate actions will be taken if other obstacles exist.

Check Content

Run the following command to determine the current status of the "auditd" service: # service auditd status If the service is enabled, it should return the following: auditd is running... If the service is not running, this is a finding.

Fix Text

The "auditd" service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The "auditd" service can be enabled with the following commands: # chkconfig auditd on # service auditd start

Additional Identifiers

Rule ID: SV-217945r603264_rule

Vulnerability ID: V-217945

Group Title: SRG-OS-000032

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.