STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide

V-238299

CAT II (Medium)

The Ubuntu operating system must initiate session audits at system start-up.

Rule ID

SV-238299r1069095_rule

STIG

Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-001464

Discussion

If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

Check Content

Verify the Ubuntu operating system enables auditing at system startup.  
 
Verify the auditing is enabled in grub with the following command: 
 
$ sudo grep "^\s*linux" /boot/grub/grub.cfg 
 
linux        /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro  audit=1 
linux      /boot/vmlinuz-5.4.0-31-generic root=UUID=74d13bcd-6ebd-4493-b5d2-3ebc37d01702 ro recovery nomodeset audit=1 
 
If any linux lines do not contain "audit=1", this is a finding.

Note: Output may vary by system.

Fix Text

Configure the Ubuntu operating system to produce audit records at system startup.  
 
Edit the "/etc/default/grub" file and add "audit=1" to the "GRUB_CMDLINE_LINUX" option and to the "GRUB_CMDLINE_LINUX_DEFAULT" option. 

GRUB_CMDLINE_LINUX_DEFAULT="audit=1"
GRUB_CMDLINE_LINUX="audit=1"
 
To update the grub config file, run: 
 
$ sudo update-grub