STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must audit all account removal actions.

DISA Rule

SV-100397r1_rule

Vulnerability Number

V-89747

Group Title

SRG-OS-000241-GPOS-00091

Rule Version

VRAU-SL-000885

Severity

CAT II

CCI(s)

• CCI-001405 - The information system automatically audits account removal actions.

Weight

10

Fix Recommendation

Configure execute auditing of the "userdel" and "groupdel" executables. Add the following to the /etc/audit/audit.rules file:

-w /usr/sbin/userdel -p x -k userdel
-w /usr/sbin/groupdel -p x -k groupdel

Check Contents

Determine if execution of the "userdel" and "groupdel" executable are audited:

# auditctl -l | egrep '(userdel|groupdel)'

If either "userdel" or "groupdel" are not listed with a permissions filter of at least "x", this is a finding.

Vulnerability Number

V-89747

Documentable

False

Rule Version

VRAU-SL-000885

Severity Override Guidance

Determine if execution of the "userdel" and "groupdel" executable are audited:

# auditctl -l | egrep '(userdel|groupdel)'

If either "userdel" or "groupdel" are not listed with a permissions filter of at least "x", this is a finding.

Check Content Reference

M

Target Key

3459

Comments