All RHEL 9 remote access methods must be monitored.

An XCCDF Rule

Description

<VulnDiscussion>Logging remote access methods can be used to trace the decrease in the risks associated with remote user access management. It can also be used to spot cyberattacks and ensure ongoing compliance with organizational policies surrounding the use of remote access methods.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258144r926419_rule
Severity: Medium
References: CCI-000067
Updated: 8 months ago

Add or update the following lines to the "/etc/rsyslog.conf" file:

auth.*;authpriv.*;daemon.* /var/log/secure

The "rsyslog" service must be restarted for the changes to take effect with the following command:
$ sudo systemctl restart rsyslog.service

All RHEL 9 remote access methods must be monitored.

Description

Remediation - Manual Procedure