STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

Auditing must be enabled at boot by setting a kernel parameter.

DISA Rule

SV-209068r603263_rule

Vulnerability Number

V-209068

Group Title

SRG-OS-000062

Rule Version

OL6-00-000525

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

To ensure all processes can be audited, even those which start prior to the audit daemon, add the argument "audit=1" to the kernel line in "/boot/grub/grub.conf", in the manner below:

kernel /vmlinuz-version ro vga=ext root=/dev/VolGroup00/LogVol00 rhgb quiet audit=1

UEFI systems may prepend "/boot" to the "/vmlinuz-version" argument.

Check Contents

Inspect the kernel boot arguments (which follow the word "kernel") in "/etc/grub.conf". If they include "audit=1", then auditing is enabled at boot time.
If auditing is not enabled at boot time, this is a finding.
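
The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter; the function name check_audit_boot and its exit codes are assumptions made here. It goes slightly beyond the check text by testing every "kernel" line and by also reporting a line that carries a conflicting "audit=" value.

```shell
#!/bin/sh
# Added example (not STIG content): scripted form of the OL6-00-000525 check.
# Usage: check_audit_boot /etc/grub.conf
# Exit status: 0 = every kernel line has audit=1
#              1 = finding (offending lines are printed)
#              2 = file unreadable or no kernel lines present
check_audit_boot() {
    conf=${1:-/etc/grub.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        # awk strips leading whitespace, so indented "kernel" lines match;
        # commented-out lines start with "#" and therefore never match.
        $1 == "kernel" {
            seen = 1; has = 0; conflict = 0
            for (i = 2; i <= NF; i++) {
                # Whole-token comparison: audit=10 or noaudit=1 do not count.
                if ($i == "audit=1") has = 1
                else if ($i ~ /^audit=/) conflict = 1
            }
            if (!has || conflict) {
                bad = 1
                printf "FINDING line %d: %s\n", NR, $0
            }
        }
        END {
            if (!seen) { print "no kernel lines found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$conf"
}
```

Checking every stanza matters because a boot entry other than the default one can still be selected at the GRUB menu.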

Documentable

False

Severity Override Guidance

Inspect the kernel boot arguments (which follow the word "kernel") in "/etc/grub.conf". If they include "audit=1", then auditing is enabled at boot time.
If auditing is not enabled at boot time, this is a finding.

Check Content Reference

M

Target Key

2928
