Enable auditd Service
The 'auditd' service is an essential userspace component of
the Linux Auditing System, as it is responsible for writing audit records to
disk.
The 'auditd' service can be enabled with the following command:
'$ sudo systemctl enable auditd'
Ensuring the 'auditd' service is active ensures
audit records generated by the kernel can be written to disk, or that appropriate
actions will be taken if other obstacles exist.
Fix:
#
# Enable auditd.service for all systemd targets
#
systemctl enable auditd.service
#
# Start auditd.service if not currently running
#
systemctl start auditd.service
oval:org.secpod.oval:def:31047
oval:org.secpod.oval:def:30324
SCAP Repo OVAL Definition
2015-11-13