SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
DISA Rule
SV-234904r622137_rule
Vulnerability Number
V-234904
Group Title
SRG-OS-000037-GPOS-00015
Rule Version
SLES-15-030050
Severity
CAT II
CCI(s)
- CCI-000154 - The information system provides the capability to centrally review and analyze audit records from multiple components within the system.
- CCI-000158 - The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.
- CCI-000131 - The information system generates audit records containing information that establishes when an event occurred.
- CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.
- CCI-000133 - The information system generates audit records containing information that establishes the source of the event.
- CCI-000134 - The information system generates audit records containing information that establishes the outcome of the event.
- CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.
- CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.
- CCI-001876 - The information system provides an audit reduction capability that supports on-demand reporting requirements.
- CCI-001464 - The information system initiates session audits at system start-up.
- CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.
- CCI-002884 - The organization audits nonlocal maintenance and diagnostic sessions' organization-defined audit events.
Weight
10
Fix Recommendation
Enable the SUSE operating system auditd service by running the following commands:
> sudo systemctl enable auditd.service
> sudo systemctl start auditd.service
Check Contents
Verify the SUSE operating system produces audit records.
Check that the SUSE operating system produces audit records by running the following commands to determine the current status of the auditd service:
> systemctl is-active auditd.service
active
> systemctl is-enabled auditd.service
enabled
If the service is not active or not enabled, this is a finding.
Documentable
False
Check Content Reference
M
Target Key
5274