Details
Audit events need to be captured on processes that start up prior to auditd, so that
potential malicious activity cannot go undetected.
Solution
Edit /boot/grub/menu.lst to include audit=1 on all kernel lines.Notes-This recommendation is designed around the grub bootloader, if LILO or another
bootloader is in use in your environment enact equivalent settings.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.