STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited.

DISA Rule

SV-230479r627750_rule

Vulnerability Number

V-230479

Group Title

SRG-OS-000342-GPOS-00133

Rule Version

RHEL-08-030690

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to off-load audit records onto a different system or media from the system being audited by specifying the remote logging server in "/etc/rsyslog.conf" or "/etc/rsyslog.d/[customfile].conf" with the name or IP address of the log aggregation server.

*.* @@[remoteloggingserver]:[port]

Check Contents

Verify the audit system off-loads audit records onto a different system or media from the system being audited with the following command:

$ sudo grep @@ /etc/rsyslog.conf /etc/rsyslog.d/*.conf

/etc/rsyslog.conf:*.* @@[remoteloggingserver]:[port]

If a remote server is not configured, or the line is commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or media.

If there is no evidence that the audit logs are being off-loaded to another system or media, this is a finding.
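The check's plain grep also matches commented-out rules, which the check says do not count. The following is an added example, not part of the STIG text, that reports only active rules in the legacy selector/action syntax shown above ("@@" is rsyslog's TCP forwarding action, a single "@" is UDP). The function names and the loghost.example.test sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the STIG text.

# active_tcp_forwards FILE...
# Prints "file:line:text" for every uncommented legacy-syntax rule whose
# action is "@@target" (rsyslog TCP forwarding). A plain "grep @@" also
# matches commented-out rules.
# Returns 0 when at least one active rule exists, 1 otherwise.
active_tcp_forwards() {
    local f status=1
    for f in "$@"; do
        [ -r "$f" ] || continue   # skip unmatched globs and unreadable files
        # The first non-blank character must not be '#', and the "@@" action
        # must appear before any inline comment.
        if grep -HnE '^[[:space:]]*[^#[:space:]][^#]*[[:space:]]@@[^[:space:]#]+' "$f"; then
            status=0
        fi
    done
    return "$status"
}

# Build constructed sample configs in a temp dir and print its path.
make_samples() {
    local d
    d=$(mktemp -d) || return 1
    # No active TCP forward here: a commented rule, an "@@" inside an
    # inline comment, and a UDP ("@") forward.
    printf '%s\n' '# *.* @@loghost.example.test:6514' \
                  'authpriv.* /var/log/secure  # formerly @@oldhost' \
                  '*.* @loghost.example.test:514' > "$d/commented.conf"
    # One active TCP forward.
    printf '%s\n' '*.* @@loghost.example.test:6514' > "$d/active.conf"
    printf '%s\n' "$d"
}

# Usage on a real host (run as root):
#   active_tcp_forwards /etc/rsyslog.conf /etc/rsyslog.d/*.conf \
#       || echo "no active @@ forwarding rule found"
```

A non-zero return corresponds to the "not configured, or the line is commented out" case in the check; forwarding defined another way (for example in rsyslog's action() syntax) is not detected and still needs the manual review the check describes.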

Documentable

False

Check Content Reference

M

Target Key

2921
