The audit-audispd-plugins package must be installed on SLEM 5.

An XCCDF Rule

Details
Profiles

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. The auditd service does not include the ability to send audit records to a centralized server for management directly. However, it can use a plug-in for audit event multiplexor to pass audit records to a remote server.

ID: SV-261412r996649_rule
Version: SLEM-05-653020
Severity: Medium
References: CCI-001851
Updated: 5 days ago

Remediation Templates

Install the "audit-audispd-plugins" package on SLEM 5 by running the following command:

     > sudo transactional-update pkg install audit-audispd-plugins

Add or modify the following line in the "/etc/audisp/plugins.d/au-remote.conf" file:
active = yes

Reboot the system:

     > sudo reboot

The audit-audispd-plugins package must be installed on SLEM 5.

Description

Remediation Templates

A Manual Procedure