Description: Turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring. Audit: Run the following command to verify auditd is enabled: # systemctl is-enabled auditd enabled Verify result is "enabled" Remediation: Run the following command to enable auditd: # systemctl --now enable auditd Notes: Additional methods of enabling a service exist. Consult your distribution documentation for appropriate methods.

[yes/no]

Run the following command to enable auditd: # systemctl --now enable auditd