Ensure auditd Collects Information on the Use of Privileged Commands

At a minimum the audit system should collect the execution of privileged commands for all users and root. To find the relevant setuid / setgid programs, run the following command for each local partition:

Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.

Fix: No Remediation Info

oval:org.secpod.oval:def:48294
SCAP Repo OVAL Definition 2018-10-27
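One way to check this rule, as an added example that is not part of the SCAP definition: the Python below lists setuid/setgid files on a single filesystem and reports which of them have no execute-watch audit rule. The key name `privileged`, the function names and the sample rules are assumptions constructed for illustration; other rule filters (such as auid) are not evaluated.

```python
import os
import stat

KEY = "privileged"  # assumed key name; any key usable with ausearch -k works

def find_privileged(root):
    """Regular files under root with setuid/setgid set, staying on root's filesystem."""
    dev = os.lstat(root).st_dev
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune mount points so each local partition is scanned separately.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(path)
    return sorted(hits)

def audited_paths(rules_text):
    """Paths watched for execution by '-a always,exit -F path=... -F perm=...x...' rules."""
    covered = set()
    for line in rules_text.splitlines():
        tok = line.split("#", 1)[0].split()
        fields = dict(tok[i + 1].split("=", 1) for i, t in enumerate(tok[:-1])
                      if t == "-F" and "=" in tok[i + 1])
        action = tok[tok.index("-a") + 1] if "-a" in tok[:-1] else ""
        if action in ("always,exit", "exit,always") and "x" in fields.get("perm", ""):
            if "path" in fields:
                covered.add(fields["path"])
    return covered

def missing_rules(paths, rules_text):
    """Suggested rule lines for privileged programs that no existing rule covers."""
    covered = audited_paths(rules_text)
    return [f"-a always,exit -F path={p} -F perm=x -k {KEY}"
            for p in paths if p not in covered]

# Constructed sample: two privileged programs, only one has a rule.
SAMPLE_RULES = """\
# privileged commands
-a always,exit -F path=/usr/bin/sudo -F perm=x -k privileged
-w /etc/passwd -p wa -k identity
"""

if __name__ == "__main__":
    for rule in missing_rules(["/usr/bin/passwd", "/usr/bin/sudo"], SAMPLE_RULES):
        print(rule)
```

On a real host, pass `find_privileged("/")` (and each other local mount point) together with the contents of the loaded rules file to `missing_rules`.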