The Amazon Linux2 operating system must generate audit records for all uses of the sudo command.

ID: oval:org.secpod.oval:def:87848 | Date: (C)2023-03-07 (M)2023-08-03 | Class: COMPLIANCE | Family: unix
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
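As an added example (not part of the SecPod definition or its OVAL check), the following POSIX shell snippet tests whether an auditd rules file already records every execution of the sudo binary and prints the rule to add when it does not. The sudo path /usr/bin/sudo, the rules directory /etc/audit/rules.d and the key name "privileged" are assumptions.

```shell
#!/bin/sh
# Added example: verify that auditd watches execution of the sudo binary.
# Assumptions: sudo is at /usr/bin/sudo and rules live in /etc/audit/rules.d/*.rules.

SUDO_PATH="/usr/bin/sudo"

# The rule a defender installs: every execve of sudo by a real user
# (auid >= 1000, auid not unset) is logged under the key "privileged".
sudo_audit_rule() {
    printf '%s\n' "-a always,exit -F path=$SUDO_PATH -F perm=x -F auid>=1000 -F auid!=unset -k privileged"
}

# Return 0 when the rules file holds an active (uncommented) syscall rule that
# watches execution (perm containing x) of the sudo binary, 1 otherwise.
has_sudo_audit_rule() {
    rules_file="$1"
    [ -r "$rules_file" ] || return 1
    grep -v '^[[:space:]]*#' "$rules_file" \
      | grep -E -- '-a[[:space:]]+(always,exit|exit,always)' \
      | grep -F -- "path=$SUDO_PATH" \
      | grep -E -- '-F[[:space:]]+perm=[rwxa]*x' > /dev/null
}

# Scan every *.rules file in a directory; on a miss, print the rule to add.
check_rules_dir() {
    dir="$1"
    for f in "$dir"/*.rules; do
        [ -e "$f" ] || continue
        if has_sudo_audit_rule "$f"; then
            echo "OK: sudo execution is audited by $f"
            return 0
        fi
    done
    echo "MISSING: add the following to $dir/50-sudo.rules and run 'augenrules --load':"
    sudo_audit_rule
    return 1
}

# Usage on a live host (assumed directory): check_rules_dir /etc/audit/rules.d
```

Because auditd only applies rules that are loaded, a passing file check should be paired with `auditctl -l` on the running system to confirm the rule is active.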