SV-234957r622137_rule
V-234957
SRG-OS-000046-GPOS-00022
SLES-15-030580
CAT II
10
Configure the auditd service to notify the administrators in the event of a SUSE operating system audit processing failure.
Configure an alias value for the postmaster with the following command:
> sudo sh -c 'echo "postmaster: root" >> /etc/aliases'
Configure an alias for root that forwards to a monitored email address with the following command:
> sudo sh -c 'echo "root: box@server.mil" >> /etc/aliases'
The following command must be run to implement changes to the /etc/aliases file:
> sudo newaliases
Verify the administrators are notified in the event of a SUSE operating system audit processing failure by checking that "/etc/aliases" has a defined value for root.
> grep -i "^postmaster:" /etc/aliases
postmaster: root
If the above command does not return a value of "root", or the output is commented out, this is a finding
Verify the alias for root forwards to a monitored e-mail account:
> grep -i "^root:" /etc/aliases
root: person@server.mil
If the alias for root does not forward to a monitored e-mail account, or the output is commented out, this is a finding.
V-234957
False
SLES-15-030580
Verify the administrators are notified in the event of a SUSE operating system audit processing failure by checking that "/etc/aliases" has a defined value for root.
> grep -i "^postmaster:" /etc/aliases
postmaster: root
If the above command does not return a value of "root", or the output is commented out, this is a finding
Verify the alias for root forwards to a monitored e-mail account:
> grep -i "^root:" /etc/aliases
root: person@server.mil
If the alias for root does not forward to a monitored e-mail account, or the output is commented out, this is a finding.
M
5274