CCE-90635-4| Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Enable Auditing for Processes Which Start Prior to the Audit Daemon
To ensure all processes can be audited, even
those which start prior to the audit daemon, add the argument
'audit=1' to the kernel line in '/etc/grub.conf', in the manner below:
'kernel /vmlinuz-version ro vga=ext root=/dev/VolGroup00/LogVol00 rhgb quiet audit=1'
Parameter:
Technical Mechanism:
Each process on the system carries an "auditable" flag which
indicates whether its activities can be audited. Although 'auditd'
takes care of enabling this for all processes which launch after it
does, adding the kernel argument ensures it is set for every
process during boot.
Fix:
No Remediation Info
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : | Attack Vector: |
| Exploit Score: | Attack Complexity: |
| Impact Score: | Privileges Required: |
| Severity: | User Interaction: |
| Vector: | Scope: |
| | Confidentiality: |
| | Integrity: |
| | Availability: |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30326 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31049 |
