STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

DISA Rule

SV-217191r603262_rule

Vulnerability Number

V-217191

Group Title

SRG-OS-000037-GPOS-00015

Rule Version

SLES-12-020010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Enable the SUSE operating system auditd service by performing the following commands:

# sudo systemctl enable auditd.service
# sudo systemctl start auditd.service

Check Contents

Verify the SUSE operating system produces audit records.

Check that the SUSE operating system produces audit records by running the following command to determine the current status of the auditd service:

# systemctl status auditd.service

If the service is enabled, the returned message must contain the following text:

Active: active (running)

If the service is not running, this is a finding.
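
The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter: it evaluates the text of `systemctl status auditd.service` against the rule's "Active: active (running)" criterion. The function names and the two sample outputs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not STIG text): evaluate SLES-12-020010 from the output of
# `systemctl status auditd.service`. Function names are hypothetical.

# Reads `systemctl status` output on stdin.
# Prints "not_a_finding" and returns 0 when the Active: line reads
# "active (running)"; otherwise prints "finding: <reason>" and returns 1.
evaluate_auditd_status() {
    status_text=$(cat)
    # Take the first "Active:" line and strip its leading indentation.
    active_line=$(printf '%s\n' "$status_text" |
        sed -n 's/^[[:space:]]*\(Active:.*\)$/\1/p' | head -n 1)
    if [ -z "$active_line" ]; then
        # Unit missing or output unparsable: the service is not shown running.
        echo "finding: no Active: line in status output"
        return 1
    fi
    case "$active_line" in
        "Active: active (running)"*)
            echo "not_a_finding"
            return 0 ;;
        *)
            # Covers inactive (dead), failed, activating, and similar states.
            echo "finding: $active_line"
            return 1 ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_RUNNING='auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-04-26 09:12:03 UTC; 2h 4min ago'

SAMPLE_STOPPED='auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)'

# Live check for use on a SLES 12 host; the exit status mirrors the result.
check_auditd_live() {
    systemctl status auditd.service 2>/dev/null | evaluate_auditd_status
}
```

On a host, source the file and call `check_auditd_live`; a non-zero exit status corresponds to a finding.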

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4033

Comments