Check: AZLX-23-001035
Amazon Linux 2023 STIG: AZLX-23-001035 (in version v1 r1)
Title
Amazon Linux 2023 audispd-plugins package must be installed. (Cat II impact)
Discussion
The "audispd-plugins" package provides plugins for the real-time interface to the audit subsystem, "audispd". These plugins can, for example, relay events to remote machines or analyze events for suspicious behavior.
Check Content
Verify Amazon Linux 2023 has the audispd-plugins package installed with the following command:

    $ sudo dnf list --installed audispd-plugins
    Installed Packages
    audispd-plugins.x86_64    3.0.6-1.amzn2023.0.2    @amazonlinux

If the "audispd-plugins" package is not installed, this is a finding.
Fix Text
Configure Amazon Linux 2023 to have the audispd-plugins package installed. Install the audispd-plugins package with the following command:

    $ sudo dnf install -y audispd-plugins
Additional Identifiers
Rule ID: SV-274019r1120045_rule
Vulnerability ID: V-274019
Group Title: SRG-OS-000342-GPOS-00133
CCIs
| Number | Definition |
|---|---|
| CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
| Number | Title |
|---|---|
| AU-4(1) | Transfer to Alternate Storage |