AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog.

An XCCDF Rule

Details
Profiles

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

ID: SV-269513r1050396_rule
Version: ALMA-09-052600
Severity: Medium
References: CCI-001851
Updated: about 2 months ago

Remediation Templates

Configure AlmaLinux OS 9 to authenticate the remote logging server for offloading audit logs by setting the following option in "/etc/rsyslog.conf" or "/etc/rsyslog.d/[customfile].conf":

$ActionSendStreamDriverAuthMode x509/name

AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog.

Description

Remediation Templates

A Manual Procedure