The audit-audispd-plugins package must be installed on SLEM 5.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. The auditd service does not include the ability to send audit records to a centralized server for management directly. However, it can use a plug-in for audit event multiplexor to pass audit records to a remote server.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-261412r996649_rule
Severity: Medium
References: CCI-001851
Updated: 17 days ago

Install the "audit-audispd-plugins" package on SLEM 5 by running the following command:

     > sudo transactional-update pkg install audit-audispd-plugins

Add or modify the following line in the "/etc/audisp/plugins.d/au-remote.conf" file:
active = yes

Reboot the system:

     > sudo reboot

The audit-audispd-plugins package must be installed on SLEM 5.

Description

Remediation - Manual Procedure