STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

RHEL 8 must have the packages required for offloading audit logs installed.

DISA Rule

SV-230477r627750_rule

Vulnerability Number

V-230477

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-08-030670

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the operating system to offload audit logs by installing the required packages with the following command:

$ sudo yum install rsyslog

Check Contents

Verify the operating system has the packages required for offloading audit logs installed with the following commands:

$ sudo yum list installed rsyslog

rsyslog.x86_64 8.1911.0-3.el8 @AppStream

If the "rsyslog" package is not installed, ask the administrator to indicate how audit logs are being offloaded and what packages are installed to support it. If there is no evidence of audit logs being offloaded, this is a finding.

Vulnerability Number

V-230477

Documentable

False

Rule Version

RHEL-08-030670

Severity Override Guidance

Verify the operating system has the packages required for offloading audit logs installed with the following commands:

$ sudo yum list installed rsyslog

rsyslog.x86_64 8.1911.0-3.el8 @AppStream

If the "rsyslog" package is not installed, ask the administrator to indicate how audit logs are being offloaded and what packages are installed to support it. If there is no evidence of audit logs being offloaded, this is a finding.

Check Content Reference

M

Target Key

2921

Comments