UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Off-loading audit records to another system must be authenticated.


Overview

Finding ID Version Rule ID IA Controls Severity
V-75633 UBTU-16-020080 SV-90313r1_rule Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
STIG Date
Canonical Ubuntu 16.04 LTS Security Technical Implementation Guide 2018-07-18

Details

Check Text ( C-75337r1_chk )
Verify the audit system authenticates off-loading audit records to a different system.

Check that the off-loading of audit records to a different system is authenticated with the following command:

# sudo grep enable /etc/audisp/audisp-remote.conf

enable_krb5 = yes

If “enable_krb5” option is not set to "yes" or the line is commented out, this is a finding.
Fix Text (F-82261r1_fix)
Configure the audit system to authenticate off-loading audit records to a different system.

Uncomment the "enable_krb5" option in "/etc/audisp/audisp-remote.conf" and set it to "yes". See the example below.

enable_krb5 = yes