SV-100177r1_rule
V-89527
SRG-OS-000062-GPOS-00031
VRAU-SL-000235
CAT II
10
Ensure attempts to alter /var/log/tallylog are audited by modifying /etc/audit/audit.rules to contain "-w /var/log/tallylog -p wa" with the following command:
echo '-w /var/log/tallylog -p wa' >> /etc/audit/audit.rules
Or run the following command to implement all logging requirements:
# /etc/dodscript.sh
Verify that attempts to alter the log files /var/log/tallylog are audited:
# egrep "tallylog" /etc/audit/audit.rules
If "-w /var/log/tallylog -p wa" entry does not exist, this is a finding.
V-89527
False
VRAU-SL-000235
Verify that attempts to alter the log files /var/log/tallylog are audited:
# egrep "tallylog" /etc/audit/audit.rules
If "-w /var/log/tallylog -p wa" entry does not exist, this is a finding.
M
3459