UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The audit system must take appropriate action when there is an error sending audit records to a remote system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-73163 RHEL-07-030321 SV-87815r2_rule Medium
Description
Taking appropriate action when there is an error sending audit records to a remote system will minimize the possibility of losing audit records.
STIG Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide 2017-12-14

Details

Check Text ( C-73287r3_chk )
Verify the action the operating system takes if there is an error sending audit records to a remote system.

Check the action that takes place if there is an error sending audit records to a remote system with the following command:

# grep -i network_failure_action /etc/audisp/audisp-remote.conf
network_failure_action = stop

If the value of the "network_failure_action" option is not "syslog", "single", or "halt", or the line is commented out, this is a finding.
Fix Text (F-79609r1_fix)
Configure the action the operating system takes if there is an error sending audit records to a remote system.

Uncomment the "network_failure_action" option in "/etc/audisp/audisp-remote.conf" and set it to "syslog", "single", or "halt".

network_failure_action = single