Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-51093 | OL6-00-000182 | SV-65301r2_rule | Low |
Description |
---|
The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. |
STIG | Date |
---|---|
Oracle Linux 6 Security Technical Implementation Guide | 2015-06-09 |
Check Text ( C-53513r1_chk ) |
---|
To determine if the system is configured to audit changes to its network configuration, run the following command: auditctl -l | egrep '(sethostname|setdomainname|/etc/issue|/etc/issue.net|/etc/hosts|/etc/sysconfig/network)' If the system is configured to watch for network configuration changes, a line should be returned for each file specified (and "perm=wa" should be indicated for each). If the system is not configured to audit changes of the network configuration, this is a finding. |
Fix Text (F-55903r2_fix) |
---|
Add the following to "/etc/audit/audit.rules", setting ARCH to either b32 or b64 as appropriate for your system: # audit_network_modifications -a always,exit -F arch=ARCH -S sethostname -S setdomainname -k audit_network_modifications -w /etc/issue -p wa -k audit_network_modifications -w /etc/issue.net -p wa -k audit_network_modifications -w /etc/hosts -p wa -k audit_network_modifications -w /etc/sysconfig/network -p wa -k audit_network_modifications |