Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must forward audit records to the syslog service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| RHEL-06-000509 | RHEL-06-000509 | RHEL-06-000509_rule | Low |
| Description |
|---|
| The auditd service does not include the ability to send audit records to a centralized server for management directly. It does, however, include an audit event multiplexor plugin (audispd) to pass audit records to the local syslog server. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2013-02-05 |
Details
| Check Text ( C-RHEL-06-000509_chk ) |
|---|
| Verify the audispd plugin is active: # grep active /etc/audisp/plugins.d/syslog.conf If the "active" setting is missing or set to "no", this is a finding. |
| Fix Text (F-RHEL-06-000509_fix) |
|---|
| Set the "active" line in "/etc/audisp/plugins.d/syslog.conf" to "yes". Restart the auditd process. # service auditd restart |