STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-217195r646740_rule
V-217195
SRG-OS-000046-GPOS-00022
SLES-12-020050
CAT II
10
Configure the auditd service to notify the administrators in the event of a SUSE operating system audit processing failure.
Configure an alias value for the postmaster with the following command:
> sudo sh -c 'echo "postmaster: root" >> /etc/aliases'
Configure an alias for root that forwards to a monitored email address with the following command:
> sudo sh -c 'echo "root: box@server.mil" >> /etc/aliases'
The following command must be run to implement changes to the /etc/aliases file:
> sudo newaliases
Verify the administrators are notified in the event of a SUSE operating system audit processing failure by checking that "/etc/aliases" has a defined value for root.
> grep -i "^postmaster:" /etc/aliases
postmaster: root
If the above command does not return a value of "root", this is a finding
Verify the alias for root forwards to a monitored e-mail account:
> grep -i "^root:" /etc/aliases
root: person@server.mil
If the alias for root does not forward to a monitored e-mail account, this is a finding.
V-217195
False
SLES-12-020050
Verify the administrators are notified in the event of a SUSE operating system audit processing failure by checking that "/etc/aliases" has a defined value for root.
> grep -i "^postmaster:" /etc/aliases
postmaster: root
If the above command does not return a value of "root", this is a finding
Verify the alias for root forwards to a monitored e-mail account:
> grep -i "^root:" /etc/aliases
root: person@server.mil
If the alias for root does not forward to a monitored e-mail account, this is a finding.
M
4033