Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38471 | RHEL-06-000509 | SV-50271r1_rule | Low |
Description |
---|
The auditd service does not include the ability to send audit records to a centralized server for management directly. It does, however, include an audit event multiplexor plugin (audispd) to pass audit records to the local syslog server. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2018-03-01 |
Check Text ( C-46026r1_chk ) |
---|
Verify the audispd plugin is active: # grep active /etc/audisp/plugins.d/syslog.conf If the "active" setting is missing or set to "no", this is a finding. |
Fix Text (F-43416r1_fix) |
---|
Set the "active" line in "/etc/audisp/plugins.d/syslog.conf" to "yes". Restart the auditd process. # service auditd restart |