DISA STIG for Oracle Linux 7
Rules and Groups employed by this XCCDF Profile
-
Configure auditd Data Retention
The audit system writes data to <code>/var/log/audit/audit.log</code>. By default, <code>auditd</code> rotates 5 logs by size (6MB), retaining a ma...Group -
Configure audispd Plugin To Send Logs To Remote Server
Configure the audispd plugin to off-load audit records onto a different system or media from the system being audited. Set the <code>remote_server...Rule Medium Severity -
Configure audispd's Plugin disk_full_action When Disk Is Full
Configure the action the operating system takes if the disk the audit records are written to becomes full. Edit the file <code>/etc/audisp/audisp-r...Rule Medium Severity -
Encrypt Audit Records Sent With audispd Plugin
Configure the operating system to encrypt the transfer of off-loaded audit records onto a different system or media from the system being audited. ...Rule Medium Severity -
Configure audispd's Plugin network_failure_action On Network Failure
Configure the action the operating system takes if there is an error sending audit records to a remote system. Edit the file <code>/etc/audisp/audi...Rule Medium Severity -
Configure auditd to use audispd's remote logging daemon
To configure the <code>auditd</code> service to use the <code>audisp-remote</code> plug-in of the <code>audispd</code> audit event multiplexor, set...Rule Medium Severity -
Ensure the audispd's remote logging daemon direction is correct
Ensure the direction of logs in <code>audisp-remote</code> plug-in of the <code>audispd</code> audit event multiplexor is correct. Check that the <...Rule Medium Severity -
Ensure the audispd's remote logging daemon executable is correct
Ensure the executable used by <code>audisp-remote</code> plug-in of the <code>audispd</code> audit event multiplexor is correct. Check that the <co...Rule Medium Severity -
Ensure the audispd's remote logging daemon type is correct
Ensure the type used by <code>audisp-remote</code> plug-in of the <code>audispd</code> audit event multiplexor is correct. Check that the <code>typ...Rule Medium Severity -
Configure auditd mail_acct Action on Low Disk Space
The <code>auditd</code> service can be configured to send email to a designated account in certain situations. Add or correct the following line in...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.