{"description": "The audit-libs package should be installed.", "rationale": "The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.", "severity": "medium", "references": {"nerc-cip": ["CIP-004-6 R3.3", "CIP-007-3 R6.5"], "nist": ["AC-7(a)", "AU-7(1)", "AU-7(2)", "AU-14", "AU-12(2)", "AU-2(a)", "CM-6(a)"], "pcidss": ["Req-10.2.1"], "srg": ["SRG-OS-000062-GPOS-00031", "SRG-OS-000037-GPOS-00015", "SRG-OS-000038-GPOS-00016", "SRG-OS-000039-GPOS-00017", "SRG-OS-000040-GPOS-00018", "SRG-OS-000041-GPOS-00019", "SRG-OS-000042-GPOS-00021", "SRG-OS-000051-GPOS-00024", "SRG-OS-000054-GPOS-00025", "SRG-OS-000122-GPOS-00063", "SRG-OS-000254-GPOS-00095", "SRG-OS-000255-GPOS-00096", "SRG-OS-000337-GPOS-00129", "SRG-OS-000348-GPOS-00136", "SRG-OS-000349-GPOS-00137", "SRG-OS-000350-GPOS-00138", "SRG-OS-000351-GPOS-00139", "SRG-OS-000352-GPOS-00140", "SRG-OS-000353-GPOS-00141", "SRG-OS-000354-GPOS-00142", "SRG-OS-000358-GPOS-00145", "SRG-OS-000365-GPOS-00152", "SRG-OS-000392-GPOS-00172", "SRG-OS-000475-GPOS-00220"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the audit-libs package is not installed", "ocil": " Run the following command to determine if the <code>audit-libs</code> package is installed: <pre>$ dpkg -l  audit-libs</pre>", "oval_external_content": null, "fixtext": "Install the audit-libs package (if audit-libs package is not already installed) with the following command:\n\n\n$ apt-get install audit-libs", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure the audit-libs package as a part of audit Subsystem is Installed", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/auditing/package_audit-libs_installed/rule.yml", "template": {"name": "package_installed", "vars": {"pkgname": "audit-libs"}, "backends": {}}}