The SUSE operating system must generate audit records for all uses of the sudo command.ID: oval:org.secpod.oval:def:84347 | Date: (C)2022-09-26 (M)2023-05-09 |
Class: COMPLIANCE | Family: unix |
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
Platform: |
SUSE Linux Enterprise Server 15 |