[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90635-4

Platform: rhel7,centos7Date: (C)2017-06-29   (M)2022-10-10



Enable Auditing for Processes Which Start Prior to the Audit Daemon To ensure all processes can be audited, even those which start prior to the audit daemon, add the argument 'audit=1' to the kernel line in '/etc/grub.conf', in the manner below: 'kernel /vmlinuz-version ro vga=ext root=/dev/VolGroup00/LogVol00 rhgb quiet audit=1'


Parameter:


Technical Mechanism:

Each process on the system carries an "auditable" flag which indicates whether its activities can be audited. Although 'auditd' takes care of enabling this for all processes which launch after it does, adding the kernel argument ensures it is set for every process during boot. Fix: No Remediation Info

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30326
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31049


OVAL    2
oval:org.secpod.oval:def:30326
oval:org.secpod.oval:def:31049

© SecPod Technologies