mediumauditverified ✓✓rollback-safe
Audit account modifications affecting /etc/security/opasswd (Ubuntu)
audit-usergroup-opasswd · UBUNTU ≥ 22 · 1 impl
Description
All account creation, modification, disabling, and termination events that affect /etc/security/opasswd must generate an audit record.
Rationale
/etc/security/opasswd stores password history; auditing changes to it allows detection of unauthorized tampering with password reuse controls.
Check → Remediate
Checkaudit_rule_exists
- rule:
- -w /etc/security/opasswd -p wa -k usergroup_modification
Remediateaudit_rule_set
- rule:
- -w /etc/security/opasswd -p wa -k usergroup_modification
- persist_file:
- /etc/audit/rules.d/50-usergroup-opasswd.rules
Framework references
STIG
V-270688 / UBTU-24-200320V-260630 / UBTU-22-654140
NIST 800-53
AU-2AU-12
Live verification
ubuntu22:checkubuntu24:checkubuntu24:remediate
#audit#auditd#accounts#usergroup