The system must be configured to send audit records to a remote audit server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24357 | GEN002870 | SV-30025r1_rule | ECTB-1 | Low |
| Description |
|---|
| Audit records contain evidence that can be used in the investigation of compromised systems. To prevent this evidence from compromise, it must be sent to a separate system continuously. Methods for sending audit records include, but are not limited to, system audit tools used to send logs directly to another host or through the system's syslog service to another host. |
| STIG | Date |
|---|---|
| UNIX SRG | 2013-03-26 |
Details
| Check Text ( C-30814r1_chk ) |
|---|
| Consult vendor documentation to determine the settings required for the audit system for sending audit records to a remote system or via syslog. If the system is not configured to provide this function, this is a finding. |
| Fix Text (F-27394r1_fix) |
|---|
| Consult vendor documentation for the settings required to configure the system to send audit records to a remote system. Implement the configuration settings. |