STIGQter STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize audit system must be configured to audit the loading and unloading of dynamic kernel modules.

DISA Rule

SV-100487r1_rule

Vulnerability Number

V-89837

Group Title

SRG-OS-000471-GPOS-00216

Rule Version

VRAU-SL-001415

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add the following to "/etc/audit/audit.rules" in order to capture kernel module loading and unloading events:

-w /sbin/insmod -p x

OR

# /etc/dodscript.sh

Check Contents

Determine if "/sbin/insmod" is audited:

# cat /etc/audit/audit.rules | grep "/sbin/insmod"

If the result does not start with "-w" and contain "-p x", this is a finding.

Vulnerability Number

V-89837

Documentable

False

Rule Version

VRAU-SL-001415

Severity Override Guidance

Determine if "/sbin/insmod" is audited:

# cat /etc/audit/audit.rules | grep "/sbin/insmod"

If the result does not start with "-w" and contain "-p x", this is a finding.

Check Content Reference

M

Target Key

3459

Comments