The SLES for vRealize must initiate session audits at system start-up.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240487 | VRAU-SL-000895 | SV-240487r671202_rule | Medium |
| Description |
|---|
| If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2021-06-24 |
Details
| Check Text ( C-43720r671200_chk ) |
|---|
| Check for the "audit=1" kernel parameter. # grep "audit=1" /proc/cmdline If no results are returned, this is a finding. |
| Fix Text (F-43679r671201_fix) |
|---|
| Edit the grub bootloader file /boot/grub/menu.lst by appending the "audit=1" parameter to the kernel boot line. Reboot the system for the change to take effect. |