CIS Apple MacOS 10 12 L2 V1.2.0

Configure Security Auditing Flags – ‘audit all failed events across all audit classes’

Details

Auditing is the capture and maintenance of information about security-related events.

Rationale:

Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises or attacks that have occurred, have begun, or are about to begin. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised.

Solution

Perform the following to implement the prescribed state:

Open a terminal session and edit the /etc/security/audit_control file.

Find the line beginning with ‘flags’.

Add the following flags: lo, ad, fd, fm, -all.

Save the file.
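
The steps above as a repeatable check and fix. This is an added example, not part of the CIS benchmark text; the function names and the sample file contents are constructed for illustration. On a real system the file argument would be /etc/security/audit_control, edited as root.

```shell
#!/bin/sh
REQUIRED="lo ad fd fm -all"   # flags named in the Solution steps above

# Constructed sample in audit_control's key:value layout (not a real system's file).
sample_audit_control() {
    printf '%s\n' 'dir:/var/audit' 'flags:lo,aa' 'minfree:5' 'naflags:lo,aa'
}

# Print the value of the 'flags:' line; '^flags:' deliberately skips 'naflags:'.
current_flags() {
    sed -n 's/^flags:[[:space:]]*//p' "$1" | head -n 1 | tr -d '[:space:]'
}

# Print the required flags that are absent, space-separated (empty = compliant).
missing_flags() {
    cur=",$(current_flags "$1"),"
    out=""
    for f in $REQUIRED; do
        case "$cur" in
            *",$f,"*) ;;                      # exact flag already present
            *) out="${out:+$out }$f" ;;
        esac
    done
    printf '%s' "$out"
}

# Append only the missing flags to the 'flags:' line; the original is kept as FILE.bak.
apply_flags() {
    file=$1
    miss=$(missing_flags "$file")
    if [ -z "$miss" ]; then return 0; fi
    new=$(current_flags "$file")
    new="${new:+$new,}$(printf '%s' "$miss" | tr ' ' ',')"
    cp -p "$file" "$file.bak" || return 1
    if grep -q '^flags:' "$file.bak"; then
        sed "s/^flags:.*/flags:$new/" "$file.bak" > "$file"
    else
        { cat "$file.bak"; printf 'flags:%s\n' "$new"; } > "$file"
    fi
}
```

Running `missing_flags` on its own gives an audit-only result, which suits compliance scans that must not modify the host.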

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Unix.

Updated on July 16, 2022