SV-234956r622137_rule
V-234956
SRG-OS-000046-GPOS-00022
SLES-15-030570
CAT II
10
Configure the auditd service to notify the administrators in the event of a SUSE operating system audit processing failure.
Edit the following line in "/etc/audit/auditd.conf" to ensure that administrators are notified via email for those situations:
action_mail_acct = root
Verify the administrators are notified in the event of a SUSE operating system audit processing failure by inspecting "/etc/audit/auditd.conf".
Check if the system is configured to send email to an account when it needs to notify an administrator with the following command:
> sudo grep action_mail /etc/audit/auditd.conf
action_mail_acct = root
If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding.
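The grep in the check above also returns commented-out lines, so the three finding conditions still have to be judged by eye. The following is an added example, not part of the STIG text, that evaluates them in a script. The function name, the approved-account argument and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# check_action_mail_acct FILE [APPROVED]
# APPROVED is a space-separated list of acceptable accounts (default "root";
# any other name is a site-specific assumption).
# Returns 0 when not a finding, 1 when a finding, with the reason on stdout.
check_action_mail_acct() {
    conf=$1
    approved=${2:-root}
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }

    # Active lines only: a leading '#' means the keyword is commented out.
    active=$(grep -E '^[[:space:]]*action_mail_acct[[:space:]]*=' "$conf") || {
        echo "FINDING: action_mail_acct is missing or commented out"
        return 1
    }

    # Every active assignment must name an approved account.
    while IFS= read -r line; do
        v=$(printf '%s\n' "$line" |
            sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]#].*$//')
        if [ -z "$v" ]; then
            echo "FINDING: action_mail_acct has no value"
            return 1
        fi
        case " $approved " in
            *" $v "*) ;;
            *) echo "FINDING: action_mail_acct = $v is not an approved account"
               return 1 ;;
        esac
    done <<EOF
$active
EOF
    echo "OK: every active action_mail_acct value is approved"
    return 0
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf 'space_left_action = email\naction_mail_acct = root\n' > "$demo/ok.conf"
printf '#action_mail_acct = root\n'                           > "$demo/commented.conf"
printf 'action_mail_acct = nobody\n'                          > "$demo/wrong.conf"
for f in ok commented wrong; do
    printf '%s: ' "$f"
    check_action_mail_acct "$demo/$f.conf" || :
done
rm -rf "$demo"
```

On a live system, call `check_action_mail_acct /etc/audit/auditd.conf` with read access to that file.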
V-234956
False
SLES-15-030570
M
5274