V-38628: The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Ensuring the "auditd" service is active ensures audit records generated by the
kernel can be written to disk, or that appropriate actions will be taken if
other obstacles exist.

Details: `V-38628 in STIG Viewer`_.

.. _V-38628 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38628

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38628.rst