Ensure auditd Collects Information on the Use of Privileged Commands
At a minimum, the audit system should collect the execution of
privileged commands for all users and root. To find the relevant setuid /
setgid programs, run the following command for each local partition
Privileged programs are subject to escalation-of-privilege attacks,
which attempt to subvert their normal role of providing some necessary but
limited capability. As such, motivation exists to monitor these programs for
unusual activity.
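As an added example (not part of the original definition and not a vendor remediation), the shell function below enumerates setuid/setgid files on one mount point and prints an audit rule for each. The function name, the `privileged` key and the `auid>=1000` threshold for regular users are assumptions to adjust to local policy.

```shell
#!/bin/sh
# Added example: build auditd watch rules for setuid/setgid programs.
# Assumptions (not from the original page): function name, rule key
# "privileged", and 1000 as the first UID of regular (non-system) users.

gen_privileged_rules() {
    # $1 = mount point of one local partition.
    # -xdev keeps find on that file system, so each partition is scanned
    # exactly once and network or pseudo file systems are not traversed.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r prog; do
        # perm=x            : record executions of the program
        # auid>=1000        : sessions that started as a regular user
        # auid!=4294967295  : skip processes with no login UID (daemons)
        printf '%s\n' "-a always,exit -F path=$prog -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged"
    done
}

# Stand-alone use: pass the mount points to scan as arguments, e.g.
#   sh gen_rules.sh / /usr /opt > privileged.rules
# and review the output before placing it in the audit rules directory.
if [ "$#" -gt 0 ]; then
    for mnt in "$@"; do
        gen_privileged_rules "$mnt"
    done
fi
```

Programs installed after the rules are generated are not covered until the scan is repeated, so rerun it after package changes.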
Fix:
No Remediation Info
oval:org.secpod.oval:def:48294
SCAP Repo OVAL Definition
2018-10-27