UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SUSE operating system audit event multiplexor must be configured to use Kerberos.


Overview

Finding ID Version Rule ID IA Controls Severity
V-77303 SLES-12-020080 SV-91999r2_rule Low
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Audit events may include sensitive data must be encrypted prior to transmission. Kerberos provides a mechanism to provide both authentication and encryption for audit event records.
STIG Date
SLES 12 Security Technical Implementation Guide 2020-01-07

Details

Check Text ( C-76859r1_chk )
Determine if the SUSE operating system audit event multiplexor is configured to use Kerberos by running the following command:

# sudo cat /etc/audisp/audisp-remote.conf | grep enable_krb5
enable_krb5 = yes

If "enable-krb5" is not set to "yes", this is a finding.
Fix Text (F-83945r2_fix)
Configure the SUSE operating system audit event multiplexor to use Kerberos by editing the "/etc/audisp/audisp-remote.conf" file.

Edit or add the following line to match the text below:

enable_krb5 = yes