If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Configure the Ubuntu operating system to produce audit records at system startup.
Edit /etc/default/grub file and add 'audit=1' to the GRUB_CMDLINE_LINUX option.
To update the grub config file run,
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.