AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server.
An XCCDF Rule
Description
When audit logs are not labelled before they are sent to a central log server, the audit data cannot be analyzed and tied back to the correct system.
- ID: SV-269510r1050393_rule
- Version: ALMA-09-052270
- Severity: Medium
Remediation Templates
A Manual Procedure
Edit the /etc/audit/auditd.conf file and add or update the "name_format" option:
name_format = HOSTNAME
The audit daemon must be restarted for changes to take effect.
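A scripted form of the check and the edit above, as an added example that is not part of the STIG content. The function names are hypothetical, the config path is passed as an argument, and the script assumes auditd matches keywords and values case-insensitively and that a later assignment overrides an earlier one.

```shell
#!/bin/sh
# Added example: audit and remediate name_format in an auditd.conf-style file.

# Print the effective name_format value, lowercased; print nothing if it is unset.
# Assumption: the last uncommented assignment is the one auditd uses.
get_name_format() {
    awk -F= '
        /^[ \t]*#/ { next }                       # commented-out settings do not count
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "name_format") {
                val = $2; gsub(/[ \t]/, "", val)
                last = tolower(val)
            }
        }
        END { if (last != "") print last }
    ' "$1"
}

# Return 0 when records are labelled with the host name, 1 otherwise.
check_name_format() {
    [ "$(get_name_format "$1")" = "hostname" ]
}

# Rewrite every active name_format line, or append one if none exists.
# Writing back with cat keeps the file's owner, mode and SELinux label.
set_name_format() {
    conf=$1
    tmp=$(mktemp) || return 1
    awk -F= '
        /^[ \t]*#/ { print; next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "name_format") { print "name_format = HOSTNAME"; found = 1; next }
            print
        }
        END { if (!found) print "name_format = HOSTNAME" }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file (not a real system's configuration).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# name_format = HOSTNAME' 'log_format = ENRICHED' 'name_format = NONE' > "$f"
    check_name_format "$f" || echo "before: non-compliant ($(get_name_format "$f"))"
    set_name_format "$f" && check_name_format "$f" && echo "after: compliant"
    rm -f "$f"
}
demo
```

On a real host, call `check_name_format /etc/audit/auditd.conf`; the commented-out line in the sample shows why a plain grep for the setting can report a false pass.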