Details
Install and turn on the auditd daemon to record system events.
*Rationale*
The capturing of system events provides system administrators with information to allow
them to determine if unauthorized access to their system is occurring.
Solution
Install auditd-# apt-get install auditdIf needed create proper start links for auditd in /etc/rc*.d by running the following command
from each of the relevant directories-# ln -s ../init.d/auditd S37auditdStart links should be created for run levels 2, 3, 4, and 5.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.