CCE-95796-9
Platform: cpe:/o:ubuntu:ubuntu_linux:20.04 | Date: (C)2024-02-12 (M)2024-02-12
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). The kmod command is used to control Linux Kernel modules.
The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records.
Fixtext: Configure the Ubuntu operating system to audit the execution of the module management program "kmod".
Add or update the following rules in the "/etc/audit/audit.rules" file:
-w /bin/kmod -p x -k modules
Parameter:
[Yes/No]
Technical Mechanism:
Add or update the following rules in the "/etc/audit/audit.rules" file:
-w /bin/kmod -p x -k modules
| CCSS Severity | Value | CCSS Metrics | Value |
|---|---|---|---|
| CCSS Score | 5.9 | Attack Vector | LOCAL |
| Exploit Score | 2.5 | Attack Complexity | LOW |
| Impact Score | 3.4 | Privileges Required | NONE |
| Severity | MEDIUM | User Interaction | NONE |
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope | UNCHANGED |
| | | Confidentiality | LOW |
| | | Integrity | LOW |
| | | Availability | LOW |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97849 |