Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The audit system must be configured to audit modifications to the systems network configuration.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-38540 | RHEL-06-000182 | SV-50341r2_rule | Low |
| Description |
|---|
| The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2015-03-06 |
Details
| Check Text ( C-46098r1_chk ) |
|---|
| To determine if the system is configured to audit changes to its network configuration, run the following command: auditctl -l | egrep '(sethostname|setdomainname|/etc/issue|/etc/issue.net|/etc/hosts|/etc/sysconfig/network)' If the system is configured to watch for network configuration changes, a line should be returned for each file specified (and "perm=wa" should be indicated for each). If the system is not configured to audit changes of the network configuration, this is a finding. |
| Fix Text (F-43488r2_fix) |
|---|
| Add the following to "/etc/audit/audit.rules", setting ARCH to either b32 or b64 as appropriate for your system: # audit_network_modifications -a always,exit -F arch=ARCH -S sethostname -S setdomainname -k audit_network_modifications -w /etc/issue -p wa -k audit_network_modifications -w /etc/issue.net -p wa -k audit_network_modifications -w /etc/hosts -p wa -k audit_network_modifications -w /etc/sysconfig/network -p wa -k audit_network_modifications |