STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.

DISA Rule

SV-219226r610963_rule

Vulnerability Number

V-219226

Group Title

SRG-OS-000046-GPOS-00022

Rule Version

UBTU-18-010300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure "auditd" service to notify the System Administrator (SA) and Information System Security Officer (ISSO) in the event of an audit processing failure.

Edit the following line in "/etc/audit/auditd.conf" to ensure that administrators are notified via email for those situations:

action_mail_acct = root

Restart the auditd service so the changes take effect:
# sudo systemctl restart auditd.service

Check Contents

Verify that the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) are notified in the event of an audit processing failure.

Check that the Ubuntu operating system notifies the SA and ISSO (at a minimum) in the event of an audit processing failure with the following command:

# sudo grep "action_mail_acct = root" /etc/audit/auditd.conf

action_mail_acct = root

If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding.
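
An added example, not part of the STIG text: a shell function that applies the finding conditions above (keyword missing, line commented out, value other than "root") to an auditd.conf file. The function name, the exit codes and the sample file are assumptions of this example; exit status 2 marks a non-root value that a reviewer still has to confirm belongs to security personnel.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate action_mail_acct in auditd.conf.
# Exit codes are this example's own convention:
#   0 = set to root, 1 = finding, 2 = set to another account (manual review).
check_action_mail_acct() {
    conf="${1:-/etc/audit/auditd.conf}"
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }

    # Read only active (uncommented) lines. If the keyword appears more than
    # once, the last occurrence is reported (assumption of this example).
    value=$(awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "action_mail_acct" {
            val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); found = val
        }
        END { print found }' "$conf")

    if [ -z "$value" ]; then
        if grep -Eq '^[[:space:]]*#.*action_mail_acct' "$conf"; then
            echo "FINDING: action_mail_acct is commented out"
        else
            echo "FINDING: action_mail_acct is missing or empty"
        fi
        return 1
    fi

    echo "action_mail_acct = $value"
    if [ "$value" = "root" ]; then
        return 0
    fi
    echo "REVIEW: confirm '$value' is an account for security personnel"
    return 2
}

# Constructed sample: the setting is present but commented out.
sample=$(mktemp)
printf '%s\n' 'log_file = /var/log/audit/audit.log' \
              '#action_mail_acct = root' > "$sample"
check_action_mail_acct "$sample" || echo "exit status: $?"
rm -f "$sample"
```

Unlike the grep check, the function ignores commented lines when reading the value, so a commented-out setting is reported as a finding rather than returned as a match.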

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4055

Comments