Encrypt Audit Records Sent With audispd Plugin

Description

Configure the operating system to encrypt the transfer of off-loaded audit records onto a different system or media from the system being audited. Uncomment the enable_krb5 option in

/etc/audit/audisp-remote.conf

, and set it with the following line:

enable_krb5 = yes

Rationale

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

ID: xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records
Severity: Medium
References: CCI-001851

AU-9(3) CM-6(a)

FAU_GEN.1.1.c

SRG-OS-000342-GPOS-00133 SRG-OS-000479-GPOS-00224
Updated: over 1 year ago