STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-221767r603260_rule
V-221767
SRG-OS-000342-GPOS-00133
OL07-00-030201
CAT II
10
Edit the /etc/audisp/plugins.d/au-remote.conf file and add or update the following values:
direction = out
path = /sbin/audisp-remote
type = always
The audit daemon must be restarted for changes to take effect:
# service auditd restart
Verify the "au-remote" plugin is configured to always off-load audit logs using the audisp-remote daemon:
# cat /etc/audisp/plugins.d/au-remote.conf | grep -v "^#"
active = yes
direction = out
path = /sbin/audisp-remote
type = always
format = string
If "active" is not set to "yes", "direction" is not set to "out", "path" is not set to "/sbin/audisp-remote", "type is not set to "always", or any of the lines are commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or storage media.
If there is no evidence that the system is configured to off-load audit logs to a different system or storage media, this is a finding.
V-221767
False
OL07-00-030201
Verify the "au-remote" plugin is configured to always off-load audit logs using the audisp-remote daemon:
# cat /etc/audisp/plugins.d/au-remote.conf | grep -v "^#"
active = yes
direction = out
path = /sbin/audisp-remote
type = always
format = string
If "active" is not set to "yes", "direction" is not set to "out", "path" is not set to "/sbin/audisp-remote", "type is not set to "always", or any of the lines are commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or storage media.
If there is no evidence that the system is configured to off-load audit logs to a different system or storage media, this is a finding.
M
4089