CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000341-GPOS-00132

    Group
  • SRG-OS-000341-GPOS-00132

    Group
  • AlmaLinux OS 9 must use a separate file system for the system audit data path.

    Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files, and helps ensure that auditing cannot be halted due to the partition running out ...
    Rule Low Severity
  • SRG-OS-000341-GPOS-00132

    Group
  • AlmaLinux OS 9 must allocate audit record storage capacity to store at least one week's worth of audit records.

    To ensure AlmaLinux OS 9 systems have a sufficient storage capacity in which to write the audit logs, AlmaLinux OS 9 needs to be able to allocate audit record storage capacity. The task of allocat...
    Rule Medium Severity
  • SRG-OS-000479-GPOS-00224

    Group
  • SRG-OS-000479-GPOS-00224

    Group
  • AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server.

    When audit logs are not labelled before they are sent to a central log server, the audit data will not be able to be analyzed and tied back to the correct system.
    Rule Medium Severity
  • SRG-OS-000479-GPOS-00224

    Group
  • AlmaLinux OS 9 must take appropriate action when the internal event queue is full.

    The audit system should have an action set up for the event that the internal event queue becomes full, so that no audit data is lost.
    Rule Medium Severity
  • SRG-OS-000479-GPOS-00224

    Group
  • AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog.

    The auditd service does not include the ability to send audit records to a centralized server for management directly. However, it can use a plug-in for audit event multiplexor (audispd) to pass ...
    Rule Medium Severity
  • SRG-OS-000479-GPOS-00224

    Group
  • AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
    Rule Medium Severity
  • SRG-OS-000479-GPOS-00224

    Group
  • AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
    Rule Medium Severity
  • SRG-OS-000479-GPOS-00224

    Group
  • AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
    Rule Medium Severity
  • SRG-OS-000342-GPOS-00133

    Group
  • SRG-OS-000342-GPOS-00133

    Group
  • AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
    Rule Low Severity
  • SRG-OS-000342-GPOS-00133

    Group
  • The rsyslog service on AlmaLinux OS 9 must be active.

    The "rsyslog" service must be running to provide logging services, which are essential to system administration.
    Rule Medium Severity
  • SRG-OS-000343-GPOS-00134

    Group
  • SRG-OS-000343-GPOS-00134

    Group
  • SRG-OS-000343-GPOS-00134

    Group
  • AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.

    If security personnel are not notified immediately when storage volume reaches 75 percent usage, they are unable to plan for audit record storage capacity expansion.
    Rule Medium Severity
  • SRG-OS-000343-GPOS-00134

    Group
  • SRG-OS-000046-GPOS-00022

    Group
  • SRG-OS-000046-GPOS-00022

    Group
  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 audit system must take appropriate action when an error writing to the audit storage volume occurs.

    It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware e...
    Rule Medium Severity
  • SRG-OS-000047-GPOS-00023

    Group
  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 must take appropriate action when a critical audit processing failure occurs.

    It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware e...
    Rule Medium Severity
  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 audit system must make full use of the audit storage space.

    max_log_file (size in megabytes) multiplied by num_logs must make full use of the auditd storage volume (separate to the root partition). If max_log_file_action is set to ROTATE or KEEP_LOGS then ...
    Rule Medium Severity
  • SRG-OS-000047-GPOS-00023

    Group
  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 audit system must retain an optimal number of audit records.

    max_log_file (size in megabytes) multiplied by num_logs must make full use of the auditd storage volume (separate to the root partition). If max_log_file_action is set to ROTATE or KEEP_LOGS then ...
    Rule Medium Severity
  • SRG-OS-000051-GPOS-00024

    Group
  • AlmaLinux OS 9 must periodically flush audit records to disk to prevent the loss of audit records.

    If option "freq" is not set to a value that requires audit records being written to disk after a threshold number is reached, then audit records may be lost.
    Rule Medium Severity
  • SRG-OS-000042-GPOS-00021

    Group
  • SRG-OS-000355-GPOS-00143

    Group
  • SRG-OS-000355-GPOS-00143

    Group
  • AlmaLinux OS 9 must have the chrony package installed.

    Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...
    Rule Medium Severity
  • SRG-OS-000356-GPOS-00144

    Group
  • SRG-OS-000057-GPOS-00027

    Group
  • AlmaLinux OS 9 audit log directory must be owned by root to prevent unauthorized read access.

    Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000057-GPOS-00027

    Group