Details
Enable and start the auditd daemon to record system events.
Rationale:
The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring.
Solution
Run the following command to enable auditd :
# systemctl –now enable auditd
Notes:
Additional methods of enabling a service exist. Consult your distribution documentation for appropriate methods.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.