Enable auditd Service

The 'auditd' service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The 'auditd' service can be enabled with the following command:

$ sudo systemctl enable auditd

Keeping the 'auditd' service active ensures that audit records generated by the kernel can be written to disk, or that appropriate actions will be taken if other obstacles exist.

Fix:

#
# Enable auditd.service for all systemd targets
#
systemctl enable auditd.service

#
# Start auditd.service if not currently running
#
systemctl start auditd.service

oval:org.secpod.oval:def:31047
oval:org.secpod.oval:def:30324

SCAP Repo OVAL Definition 2015-11-13