4.1.1.1 Ensure auditd is installed
Audit#
Run the following command and verify auditd and audispd-plugins are installed:
# dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n' auditd audispd-plugins
audispd-plugins install ok installed installed
auditd install ok installed installed
Remediation#
Run the following command to Install auditd