{"description": "Configure the operating system to audit the execution of the partition\nmanagement program \"fdisk\".", "rationale": "Without generating audit records that are specific to the security\nand mission needs of the organization, it would be difficult to\nestablish, correlate, and investigate the events relating to an\nincident or identify those responsible for one.\nAudit records can be generated from various components within the\ninformation system (e.g., module or policy filter).", "severity": "medium", "references": {"srg": ["SRG-OS-000477-GPOS-00222"], "stigid": ["UBTU-22-654045"], "stigref": ["SV-260611r991586_rule"]}, "control_references": {"stigid": ["UBTU-22-654045"]}, "components": [], "identifiers": {}, "ocil_clause": "the command does not return a line, or the line is commented out", "ocil": "To verify that auditing of privileged command use is configured, run the\nfollowing command:\n\n<pre>$ sudo auditctl -l | grep fdisk\n-w /sbin/fdisk -p x -k fdisk </pre>\n\nIf the command does not return a line, or the line is commented out, this\nis a finding.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[audit]", "system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel", "package_audit"], "bash_conditional": null, "fixes": {}, "title": "Ensure auditd Collects Information on the Use of Privileged Commands - fdisk", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fdisk/rule.yml", "template": null}