Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
RHEL-06-000509 | RHEL-06-000509 | RHEL-06-000509_rule | | Low |
Description |
---|
The auditd service does not include the ability to send audit records to a centralized server for management directly. It does, however, include an audit event multiplexor plugin (audispd) to pass audit records to the local syslog server. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2013-02-05 |
Check Text (C-RHEL-06-000509_chk) |
---|
Verify the audispd plugin is active: # grep active /etc/audisp/plugins.d/syslog.conf If the "active" setting is missing or set to "no", this is a finding. |
Fix Text (F-RHEL-06-000509_fix) |
---|
Set the "active" line in "/etc/audisp/plugins.d/syslog.conf" to "yes". Restart the auditd process. # service auditd restart |
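
The check above uses a plain `grep active`, which also prints commented-out lines, so the output still has to be read by eye. The following is an added example, not part of the STIG text: a shell function (the name `check_audisp_syslog` is hypothetical) that evaluates the finding condition directly. It assumes the plugin file uses `key = value` lines, treats only the literal value `yes` as compliant, and reports a finding if any uncommented `active` line says otherwise.

```shell
#!/bin/sh
# Added example: automate the RHEL-06-000509 check.
# Returns 0 when the audispd syslog plugin is active, 1 when it is a finding.
check_audisp_syslog() {
    conf="${1:-/etc/audisp/plugins.d/syslog.conf}"

    if [ ! -r "$conf" ]; then
        echo "FINDING: cannot read $conf"
        return 1
    fi

    # Ignore comment lines, strip whitespace around key and value, and
    # require at least one "active" line with every such line set to "yes".
    # Assumption: anything other than the literal "yes" is reported, which is
    # stricter than the plugin parser may be.
    if awk -F= '
        /^[ \t]*#/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            if (key == "active") { seen++; if (val != "yes") bad++ }
        }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }
    ' "$conf"; then
        echo "PASS: active = yes in $conf"
        return 0
    fi

    echo "FINDING: \"active\" is missing or not set to \"yes\" in $conf"
    return 1
}

# Constructed sample input: the commented "yes" would still show up in the
# output of a plain grep, but the effective setting is "no".
sample=$(mktemp)
printf '%s\n' '# active = yes' 'active = no' 'direction = out' > "$sample"
check_audisp_syslog "$sample" || true   # reports FINDING
rm -f "$sample"
```

Run it with no argument on the target host to check the real file, then apply the fix text and restart auditd if it reports a finding.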