An error occurred:

Check: SLEM-05-653070

SUSE Linux Enterprise Micro (SLEM) 5 STIG: SLEM-05-653070 (in versions v1 r2 through v1 r1)

Title

Audispd must offload audit records onto a different system or media from SLEM 5 being audited. (Cat II impact)

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

Check Content

Verify "audispd" offloads audit records onto a different system or media from SLEM 5 being audited with the following command: > sudo grep remote_server /etc/audisp/audisp-remote.conf remote_server = 240.9.19.81 If "remote_server" is not set to an external server or media, or is commented out, this is a finding.

Fix Text

Configure SLEM 5 to offload audit records onto a different system or media. Add or modify the following line in the "/etc/audisp/audisp-remote.conf" file: remote_server = <ip_address>

Additional Identifiers

Rule ID: SV-261422r996674_rule

Vulnerability ID: V-261422

Group Title: SRG-OS-000342-GPOS-00133

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001851

Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-4(1)

Transfer to Alternate Storage