Skip to content

6.2.1.2 Ensure auditd service is enabled and active

Audit#

Run the following command to verify auditd is enabled: 

# systemctl is-enabled auditd | grep '^enabled'
enabled
Verify result is "enabled".

Run the following command to verify auditd is active: 

# systemctl is-active auditd | grep '^active'
active
Verify result is active

Remediation#

Run the following commands to unmask, enable and start auditd: 

# systemctl unmask auditd
# systemctl enable auditd
# systemctl start auditd