The SLES for vRealize must initiate session audits at system start-up.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239580 | VROM-SL-000870 | SV-239580r662191_rule | Medium |
| Description |
|---|
| If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. |
| STIG | Date |
|---|---|
| VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide | 2021-07-01 |
Details
| Check Text ( C-42813r662189_chk ) |
|---|
| Check for the "audit=1" kernel parameter. # grep "audit=1" /proc/cmdline If no results are returned, this is a finding. |
| Fix Text (F-42772r662190_fix) |
|---|
| Edit the grub bootloader file "/boot/grub/menu.lst" by appending the "audit=1" parameter to the kernel boot line. Reboot the system for the change to take effect. |