The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited.

An XCCDF Rule

Details
Profiles

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224

ID: SV-221770r958754_rule
Version: OL07-00-030300
Severity: Medium
References: CCI-001851
Updated: 15 days ago

Remediation Templates

Configure the operating system to off-load audit records onto a different system or media from the system being audited.

Set the remote server option in "/etc/audisp/audisp-remote.conf" with the IP address of the log aggregation server.

The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited.

Description

Remediation Templates

A Manual Procedure