← Rules Catalog
highaudit
auditd-enabledEnable the auditd service
The audit daemon must be enabled at boot so that security-relevant events are captured from system start.
auditauditdservice
Frameworks satisfied
- DISA STIG
- rhel9: RHEL-09-653010 · V-258171 · CAT II
- NIST 800-53
- AU-2AU-3AU-12
- CIS Benchmark
- 4.1.1.1
- PCI-DSS
- 10.2
Platforms
rhel 8+rhel 9+ubuntu 20+
Check
systemd_unit_enabledauditd.service
Remediation
systemd_enablesystemctl enable --now auditd