The system must forward audit records to the syslog service.


Overview

Finding ID: V-38471
Version: RHEL-06-000509
Rule ID: SV-50271r1_rule
IA Controls:
Severity: Low
Description
The auditd service does not include the ability to send audit records to a centralized server for management directly. It does, however, include an audit event multiplexor plugin (audispd) to pass audit records to the local syslog server.
STIG: Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Date: 2018-03-01

Details

Check Text ( C-46026r1_chk )
Verify the audispd plugin is active:

# grep active /etc/audisp/plugins.d/syslog.conf

If the "active" setting is missing or set to "no", this is a finding.
Fix Text (F-43416r1_fix)
Set the "active" line in "/etc/audisp/plugins.d/syslog.conf" to "yes". Restart the auditd process.

# service auditd restart
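
A stricter form of the check above, as an added example that is not part of the STIG text: a plain grep for "active" also matches a commented-out line, so this parses the setting and reports a finding when it is missing or not "yes". The function names are hypothetical; treating the value case-insensitively and letting the last assignment win are assumptions.

```shell
#!/bin/sh
# Added example (not STIG text). Function names are hypothetical.

# Print the effective value of "active" from an audispd plugin file.
# Assumptions: comment lines start with '#', the last uncommented
# assignment wins, and the value is compared case-insensitively.
audisp_active_value() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk -F= '
        /^[ \t]*#/ { next }                    # skip comment lines
        {
            key = $1
            gsub(/[ \t]/, "", key)
        }
        key == "active" {
            val = $2
            gsub(/[ \t\r]/, "", val)
            found = tolower(val)
        }
        END { if (found != "") print found }
    ' "$conf"
}

# Return 0 when the plugin is active, 1 when this is a finding.
check_audisp_syslog() {
    conf=${1:-/etc/audisp/plugins.d/syslog.conf}
    val=$(audisp_active_value "$conf") || {
        echo "FINDING: cannot read $conf"
        return 1
    }
    case $val in
        yes) echo "OK: active = yes in $conf"; return 0 ;;
        "")  echo "FINDING: no active setting in $conf"; return 1 ;;
        *)   echo "FINDING: active = $val in $conf"; return 1 ;;
    esac
}
```

Source the file and call `check_audisp_syslog` with no argument to test the default path, or pass another plugin file as the first argument.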