4.1.2 Ensure auditd service is enabled (Scored)

Level 2 - Server
Level 2 - Workstation 

Turn on the auditd daemon to record system events.

The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring.

Run the following command to verify auditd is enabled:

# systemctl is-enabled auditd 
enabled

Verify result is “enabled”.

Run the following command to enable auditd:

# systemctl enable auditd