STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems.

DISA Rule

SV-219154r610963_rule

Vulnerability Number

V-219154

Group Title

SRG-OS-000479-GPOS-00224

Rule Version

UBTU-18-010008

Severity

CAT III

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Create a script which off-loads audit logs to external media and runs weekly.

Script must be located into the /etc/cron.weekly directory.

Check Contents

Verify there is a script which off-loads audit data and if that script runs weekly.

Check if there is a script in the /etc/cron.weekly directory which off-loads audit data:

# sudo ls /etc/cron.weekly

audit-offload

Check if the script inside the file does offloading of audit logs to an external media.

If the script file does not exist or if the script file doesn't offload audit logs, this is a finding.

Vulnerability Number

V-219154

Documentable

False

Rule Version

UBTU-18-010008

Severity Override Guidance

Verify there is a script which off-loads audit data and if that script runs weekly.

Check if there is a script in the /etc/cron.weekly directory which off-loads audit data:

# sudo ls /etc/cron.weekly

audit-offload

Check if the script inside the file does offloading of audit logs to an external media.

If the script file does not exist or if the script file doesn't offload audit logs, this is a finding.

Check Content Reference

M

Target Key

4055

Comments