Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.

An XCCDF Rule

Details
Profiles

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

ID: SV-234968r1009570_rule
Version: SLES-15-030690
Severity: Low
References: CCI-001851
Updated: about 2 months ago

Remediation Templates

Configure the SUSE operating system "/etc/audit/audisp-remote.conf" file to off-load audit records onto a different system or media by adding or editing the following line with the correct IP address:

remote_server = [IP ADDRESS]

Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.

Description

Remediation Templates

A Manual Procedure