Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-221771 | OL07-00-030310 | SV-221771r877390_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 |
| STIG | Date |
|---|---|
| Oracle Linux 7 Security Technical Implementation Guide | 2023-03-06 |
Details
| Check Text ( C-23486r419385_chk ) |
|---|
| Verify the operating system encrypts audit records off-loaded onto a different system or media from the system being audited. To determine if the transfer is encrypted, use the following command: # grep -i enable_krb5 /etc/audisp/audisp-remote.conf enable_krb5 = yes If the value of the "enable_krb5" option is not set to "yes" or the line is commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or media. If there is no evidence that the transfer of the audit logs being off-loaded to another system or media is encrypted, this is a finding. |
| Fix Text (F-23475r419386_fix) |
|---|
| Configure the operating system to encrypt the transfer of off-loaded audit records onto a different system or media from the system being audited. Uncomment the "enable_krb5" option in "/etc/audisp/audisp-remote.conf" and set it with the following line: enable_krb5 = yes |