From Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Part of SRG-OS-000064
Associated with: CCI-000172
The actions taken by system administrators should be audited to keep a record of what was executed on the system, as well as, for accountability purposes.
To verify that auditing is configured for system administrator actions, run the following command: $ sudo grep -w "/etc/sudoers" /etc/audit/audit.rules If the system is configured to watch for changes to its sudoers configuration, a line should be returned (including "-p wa" indicating permissions that are watched). If there is no output, this is a finding.
At a minimum, the audit system should collect administrator actions for all users and root. Add the following to "/etc/audit/audit.rules": -w /etc/sudoers -p wa -k actions
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer