STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must have the auditing package installed.

DISA Rule

SV-234964r622137_rule

Vulnerability Number

V-234964

Group Title

SRG-OS-000337-GPOS-00129

Rule Version

SLES-15-030650

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.
• CCI-001914 - The information system provides the capability for organization-defined individuals or roles to change the auditing to be performed on organization-defined information system components based on organization-defined selectable event criteria within organization-defined time thresholds.
• CCI-001814 - The Information system supports auditing of the enforcement actions.
• CCI-001889 - The information system records time stamps for audit records that meet organization-defined granularity of time measurement.
• CCI-001875 - The information system provides an audit reduction capability that supports on-demand audit review and analysis.
• CCI-001881 - The information system provides an audit reduction capability that does not alter original content or time ordering of audit records.
• CCI-001882 - The information system provides a report generation capability that does not alter original content or time ordering of audit records.
• CCI-001879 - The information system provides a report generation capability that supports on-demand reporting requirements.
• CCI-001880 - The information system provides a report generation capability that supports after-the-fact investigations of security incidents.
• CCI-001877 - The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.
• CCI-001878 - The information system provides a report generation capability that supports on-demand audit review and analysis.

Weight

10

Fix Recommendation

The SUSE operating system auditd package must be installed on the system. If it is not installed, use the following command to install it:

> sudo zypper in audit

Check Contents

Verify the SUSE operating system auditing package is installed.

Check that the "audit" package is installed by performing the following command:

> zypper info audit | grep Installed

i | audit | User Space Tools for 2.6 Kernel Auditing

If the package "audit" is not installed on the system, then this is a finding.

Vulnerability Number

V-234964

Documentable

False

Rule Version

SLES-15-030650

Severity Override Guidance

Verify the SUSE operating system auditing package is installed.

Check that the "audit" package is installed by performing the following command:

> zypper info audit | grep Installed

i | audit | User Space Tools for 2.6 Kernel Auditing

If the package "audit" is not installed on the system, then this is a finding.

Check Content Reference

M

Target Key

5274

Comments