
The audit system must be configured to audit modifications to the system's network configuration.


Overview

Finding ID: RHEL-06-000182
Version: RHEL-06-000182
Rule ID: RHEL-06-000182_rule
IA Controls: (none listed)
Severity: Low
Description
The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited.
STIG: Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Date: 2013-02-05

Details

Check Text ( C-RHEL-06-000182_chk )
To determine if the system is configured to audit changes to its network configuration, run the following command:

auditctl -l | egrep '(/etc/issue|/etc/issue.net|/etc/hosts|/etc/sysconfig/network)'

If the system is configured to watch for network configuration changes, a line should be returned for each file specified (and "perm=wa" should be indicated for each).
If the system is not configured to audit changes of the network configuration, this is a finding.
Fix Text (F-RHEL-06-000182_fix)
Add the following to "/etc/audit/audit.rules", setting ARCH to either b32 or b64 as appropriate for your system:

# audit_network_modifications
-a exit,always -F arch=ARCH -S sethostname -S setdomainname -k audit_network_modifications
-w /etc/issue -p wa -k audit_network_modifications
-w /etc/issue.net -p wa -k audit_network_modifications
-w /etc/hosts -p wa -k audit_network_modifications
-w /etc/sysconfig/network -p wa -k audit_network_modifications
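
The egrep in the check text matches substrings, so a watch on /etc/issue.net also satisfies the /etc/issue pattern, and the "perm=wa" requirement has to be confirmed by eye. The script below is an added example, not part of the STIG: it compares whole paths and requires both permissions for each of the four files. The function name missing_watches and the sample listing are constructed for illustration; the parser accepts the "watch=... perm=..." listing form the check text describes and the "-w ... -p ..." rule syntax from the fix text.

```shell
#!/bin/bash
# Files the check text expects to be watched with write+attribute permissions.
NETWORK_FILES="/etc/issue /etc/issue.net /etc/hosts /etc/sysconfig/network"

# Reads `auditctl -l` output (watch=PATH perm=wa) or audit.rules lines
# (-w PATH -p wa) on stdin; prints each required file lacking a wa watch.
missing_watches() {
    awk -v files="$NETWORK_FILES" '
    BEGIN { n = split(files, want, " ") }
    /^[ \t]*#/ { next }                       # skip comments in audit.rules
    {
        path = ""; perm = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^watch=/)      path = substr($i, 7)
            else if ($i ~ /^perm=/)  perm = substr($i, 6)
            else if ($i == "-w")     path = $(i + 1)
            else if ($i == "-p")     perm = $(i + 1)
        }
        # Whole-path comparison: a watch on /etc/issue.net must not
        # satisfy /etc/issue, and perm=w alone is not enough.
        if (path != "" && index(perm, "w") && index(perm, "a")) ok[path] = 1
    }
    END { for (i = 1; i <= n; i++) if (!(want[i] in ok)) print want[i] }'
}

# Constructed sample listing (not captured from a real host): /etc/issue has
# no watch of its own and /etc/hosts is watched for writes only.
SAMPLE_LISTING='LIST_RULES: exit,always watch=/etc/issue.net perm=wa key=audit_network_modifications
LIST_RULES: exit,always watch=/etc/hosts perm=w key=audit_network_modifications
LIST_RULES: exit,always watch=/etc/sysconfig/network perm=wa key=audit_network_modifications'

# On a live system: auditctl -l | missing_watches
findings=$(printf '%s\n' "$SAMPLE_LISTING" | missing_watches)
if [ -n "$findings" ]; then
    printf 'Finding, no perm=wa watch for: %s\n' $findings
fi
```

Any file the function prints is a finding under this rule; empty output means all four watches are present with "wa".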