← Back to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide

V-258808

CAT II (Medium)

The Photon operating system must enable the auditd service.

Rule ID

SV-258808r933485_rule

STIG

VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000132 CCI-000133 CCI-000134 CCI-000135 CCI-000169 CCI-001487 CCI-001744 CCI-001814 CCI-002699

Discussion

Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that end, the auditd service must be configured to start automatically and be running at all times. Satisfies: SRG-OS-000039-GPOS-00017, SRG-OS-000040-GPOS-00018, SRG-OS-000041-GPOS-00019, SRG-OS-000042-GPOS-00021, SRG-OS-000062-GPOS-00031, SRG-OS-000255-GPOS-00096, SRG-OS-000363-GPOS-00150, SRG-OS-000365-GPOS-00152, SRG-OS-000446-GPOS-00200

Check Content

At the command line, run the following command to verify auditd is enabled and running:

# systemctl status auditd

If the service is not enabled and running, this is a finding.

Fix Text

At the command line, run the following commands:

# systemctl enable auditd
# systemctl start auditd