Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-73163 | RHEL-07-030321 | SV-87815r2_rule | | Medium |
Description |
---|
Taking appropriate action when there is an error sending audit records to a remote system will minimize the possibility of losing audit records. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2017-07-08 |
Check Text (C-73287r3_chk) |
---|
Verify the action the operating system takes if there is an error sending audit records to a remote system. Check the action that takes place if there is an error sending audit records to a remote system with the following command: `# grep -i network_failure_action /etc/audisp/audisp-remote.conf` Example output: `network_failure_action = stop` If the value of the "network_failure_action" option is not "syslog", "single", or "halt", or the line is commented out, this is a finding. |
Fix Text (F-79609r1_fix) |
---|
Configure the action the operating system takes if there is an error sending audit records to a remote system. Uncomment the "network_failure_action" option in "/etc/audisp/audisp-remote.conf" and set it to "syslog", "single", or "halt". Example: `network_failure_action = single` |
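
The check above can be scripted so that the commented-out and wrong-value cases are evaluated rather than read by eye. The following is an added example, not part of the STIG text: the function name `check_network_failure_action` is hypothetical, the sample file is constructed, and treating every active occurrence of the option as required to be compliant is an assumption made here.

```shell
#!/bin/sh
# Added example (not STIG content): evaluates the RHEL-07-030321 check.
# Returns 0 when compliant, 1 when the result is a finding.
check_network_failure_action() {
    conf="${1:-/etc/audisp/audisp-remote.conf}"
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }
    awk -F= '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        {
            key = tolower($1); gsub(/[ \t\r]/, "", key)
            if (key != "network_failure_action") next
            val = tolower($2); gsub(/[ \t\r]/, "", val)
            seen = 1
            # Assumption: every active occurrence must hold an accepted value.
            if (val != "syslog" && val != "single" && val != "halt") {
                printf "FINDING: network_failure_action = %s\n", val
                bad = 1
            }
        }
        END {
            if (!seen) { print "FINDING: option missing or commented out"; exit 1 }
            if (bad) exit 1
            print "OK: network_failure_action is compliant"
        }' "$conf"
}

# Demo on a constructed sample file (not taken from a real system).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
remote_server = 192.0.2.10
#network_failure_action = stop
network_failure_action = single
EOF
check_network_failure_action "$demo_conf" || true
rm -f "$demo_conf"
```

Called with no argument, the function reads "/etc/audisp/audisp-remote.conf"; its exit status can be used directly in a compliance job.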