The SUSE operating system must have the auditing package installed.
DISA Rule
SV-217190r603262_rule
Vulnerability Number
V-217190
Group Title
SRG-OS-000337-GPOS-00129
Rule Version
SLES-12-020000
Severity
CAT II
CCI(s)
- CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.
- CCI-001814 - The Information system supports auditing of the enforcement actions.
- CCI-001875 - The information system provides an audit reduction capability that supports on-demand audit review and analysis.
- CCI-001878 - The information system provides a report generation capability that supports on-demand audit review and analysis.
- CCI-001879 - The information system provides a report generation capability that supports on-demand reporting requirements.
- CCI-001880 - The information system provides a report generation capability that supports after-the-fact investigations of security incidents.
- CCI-001881 - The information system provides an audit reduction capability that does not alter original content or time ordering of audit records.
- CCI-001882 - The information system provides a report generation capability that does not alter original content or time ordering of audit records.
- CCI-001889 - The information system records time stamps for audit records that meet organization-defined granularity of time measurement.
- CCI-001877 - The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.
- CCI-001914 - The information system provides the capability for organization-defined individuals or roles to change the auditing to be performed on organization-defined information system components based on organization-defined selectable event criteria within organization-defined time thresholds.
Weight
10
Fix Recommendation
The SUSE operating system auditd package must be installed on the system. If it is not installed, use the following command to install it:
# sudo zypper in auditd
Check Contents
Verify the SUSE operating system auditing package is installed.
Check that the "audit" package is installed by performing the following command:
# zypper se audit
i | audit | User Space Tools for 2.6 Kernel Auditing
If the package "audit" is not installed on the system, then this is a finding.
Vulnerability Number
V-217190
Documentable
False
Rule Version
SLES-12-020000
Severity Override Guidance
Verify the SUSE operating system auditing package is installed.
Check that the "audit" package is installed by performing the following command:
# zypper se audit
i | audit | User Space Tools for 2.6 Kernel Auditing
If the package "audit" is not installed on the system, then this is a finding.
Check Content Reference
M
Target Key
4033
Comments
STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: