Skip to content

Accounting security controls

Control : ACCT-2754

Process accounting is a method to track system resources. It includes a way to monitor system resources and how these resources are used for the users on the system. On FreeBSD accounting can be enabled to track these resources.

Control : ACCT-9622

Process accounting is a method to track system resources. It includes a way to monitor system resources and how these resources are used for the users on the system. On Linux systems, process accounting can be enabled to track these resources.

Control : ACCT-9626

Sysstat collects system information

Control : ACCT-9628

For Linux systems the Linux audit daemon can audit files and processes. This control checks for the status of the audit daemon. Suspicious changes or activities will trigger an event to be logged by the audit daemon.

Control : ACCT-9630

This control checks for an empty ruleset of the Linux audit daemon.

Control : ACCT-9632

The Linux audit framework consists of an audit daemon (auditd), utilities, audit rules and a configuration file for the daemon. This file (auditd.conf) is generally located in the /etc/audit directory or similar. Lynis tries to determine where this file is located. If this control shows up, the location could not be discovered. This is unusual, as the binaries of the framework are present and the audit daemon is running.

Control : ACCT-9636

This control checks if the Snoopy library can be found, which is a wrapper around execve() and logger. By implementing Snoopy an audit trail can be created by logging all executed commands.