Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Write Audit Logs to the Disk
To configure Audit daemon to write Audit logs to the disk, setwrite_logstoyesin/etc/audit/auditd.conf. This is the default setting.Rule Medium Severity -
Action for audispd to take when disk is full
The setting for disk_full_action in /etc/audisp/audisp-remote.confValue -
Action for audispd to take when network fails
The setting for network_failure_action in /etc/audisp/audisp-remote.confValue -
Remote server for audispd to send audit records
The setting for remote_server in /etc/audisp/audisp-remote.confValue -
Account for auditd to send email when actions occurs
The setting for action_mail_acct in /etc/audit/auditd.confValue -
Action for auditd to take when disk space is low
The setting for admin_space_left_action in /etc/audit/auditd.confValue -
Action for auditd to take when disk errors
'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in "syslog|single|halt", for remediations the first value will be taken'Value -
Action for auditd to take when disk is full
'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in "syslog|single|halt", for remediations the first value will be taken'Value -
Number of Record to Retain Before Flushing to Disk
The setting for freq in /etc/audit/auditd.confValue -
Maximum audit log file size for auditd
The setting for max_log_file in /etc/audit/auditd.confValue -
Action for auditd to take when log files reach their maximum size
The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available: <br>ignore - audit daemon does nothing. <br>syslog - audit daemon will issue a warning to syslog....Value -
Number of log files for auditd to retain
The setting for num_logs in /etc/audit/auditd.confValue -
Size remaining in disk space before prompting space_left_action
The setting for space_left (MB) in /etc/audit/auditd.confValue -
Action for auditd to take when disk space just starts to run low
The setting for space_left_action in /etc/audit/auditd.confValue -
Configure auditd flush priority
The <code>auditd</code> service can be configured to synchronously write audit event data to disk. Add or correct the following line in <code>/etc/audit/auditd.conf</code> to ensure that audit even...Rule Medium Severity -
Configure auditd Max Log File Size
Determine the amount of audit data (in megabytes) which should be retained in each log file. Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line, substituting the co...Rule Medium Severity -
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
The default action to take when the logs reach their maximum size is to rotate the log files, discarding the oldest one. To configure the action taken by <code>auditd</code>, add or correct the lin...Rule Medium Severity -
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
The default action to take when the logs reach their maximum size is to rotate the log files, discarding the oldest one. To configure the action taken by <code>auditd</code>, add or correct the lin...Rule Medium Severity -
Configure auditd Number of Logs Retained
Determine how many log files <code>auditd</code> should retain when it rotates logs. Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line, substituting <i>NUMLOGS</i>...Rule Medium Severity -
Configure auditd space_left on Low Disk Space
The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Edit the file <code>/etc/audit/auditd.conf</code>. A...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.