{"description": "The process accounting service, psacct, works with programs\nincluding acct and ac to allow system administrators to view\nuser activity, such as commands issued by users of the system.\n\nThe psacct service can be enabled with the following command:\n
$ sudo systemctl enable psacct.service
", "rationale": "The psacct service can provide administrators a convenient\nview into some user activities. However, it should be noted that the auditing\nsystem and its audit records provide more authoritative and comprehensive\nrecords.", "severity": "low", "references": {"cis-csc": ["1", "11", "12", "13", "14", "15", "16", "2", "3", "5", "6", "7", "8", "9"], "cobit5": ["APO10.01", "APO10.03", "APO10.04", "APO10.05", "APO11.04", "BAI03.05", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.03", "DSS03.05", "DSS05.02", "DSS05.04", "DSS05.05", "DSS05.07", "DSS06.06", "MEA01.01", "MEA01.02", "MEA01.03", "MEA01.04", "MEA01.05", "MEA02.01"], "isa-62443-2009": ["4.3.2.6.7", "4.3.3.3.9", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3", "4.3.4.4.7", "4.4.2.1", "4.4.2.2", "4.4.2.4"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.10", "SR 2.11", "SR 2.12", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 2.8", "SR 2.9", "SR 6.1", "SR 6.2", "SR 7.6"], "iso27001-2013": ["A.12.1.2", "A.12.4.1", "A.12.4.2", "A.12.4.3", "A.12.4.4", "A.12.5.1", "A.12.6.2", "A.12.7.1", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.14.2.7", "A.15.2.1", "A.15.2.2", "A.9.1.2"], "nist": ["AU-12(a)", "CM-6(a)"], "nist-csf": ["DE.CM-1", "DE.CM-3", "DE.CM-7", "ID.SC-4", "PR.IP-1", "PR.PT-1", "PR.PT-3"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the \"psacct\" is loaded and not masked", "ocil": "To check that the psacct service is disabled in system boot configuration,\nrun the following command:\n
$ sudo systemctl is-enabled psacct
\nOutput should indicate the psacct service has either not been installed,\nor has been disabled at all runlevels, as shown in the example below:\n
$ sudo systemctl is-enabled psacct
 disabled
\n\nRun the following command to verify psacct is not active (i.e. not running) through current runtime configuration:\n
$ sudo systemctl is-active psacct
\n\nIf the service is not running the command will return the following output:\n
inactive
\n\nThe service will also be masked, to check that the psacct is masked, run the following command:\n
$ sudo systemctl show psacct | grep \"LoadState\\|UnitFileState\"
\n\nIf the service is masked the command will return the following outputs:\n\n
LoadState=masked
\n\n
UnitFileState=masked
", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_psacct_enabled.sh", "relative_path": "ubuntu2204/checks/sce/service_psacct_enabled.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Enable Process Accounting (psacct)", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/base/service_psacct_enabled/rule.yml", "template": {"name": "service_enabled", "vars": {"servicename": "psacct"}, "backends": {}}}