STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.

DISA Rule

SV-234957r622137_rule

Vulnerability Number

V-234957

Group Title

SRG-OS-000046-GPOS-00022

Rule Version

SLES-15-030580

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the auditd service to notify the administrators in the event of a SUSE operating system audit processing failure.

Configure an alias value for the postmaster with the following command:

> sudo sh -c 'echo "postmaster: root" >> /etc/aliases'

Configure an alias for root that forwards to a monitored email address with the following command:

> sudo sh -c 'echo "root: box@server.mil" >> /etc/aliases'

The following command must be run to implement changes to the /etc/aliases file:

> sudo newaliases

Check Contents

Verify the administrators are notified in the event of a SUSE operating system audit processing failure by checking that "/etc/aliases" has a defined value for root.

> grep -i "^postmaster:" /etc/aliases

postmaster: root

If the above command does not return a value of "root", or the output is commented out, this is a finding

Verify the alias for root forwards to a monitored e-mail account:

> grep -i "^root:" /etc/aliases
root: person@server.mil

If the alias for root does not forward to a monitored e-mail account, or the output is commented out, this is a finding.

Vulnerability Number

V-234957

Documentable

False

Rule Version

SLES-15-030580

Severity Override Guidance

Verify the administrators are notified in the event of a SUSE operating system audit processing failure by checking that "/etc/aliases" has a defined value for root.

> grep -i "^postmaster:" /etc/aliases

postmaster: root

If the above command does not return a value of "root", or the output is commented out, this is a finding

Verify the alias for root forwards to a monitored e-mail account:

> grep -i "^root:" /etc/aliases
root: person@server.mil

If the alias for root does not forward to a monitored e-mail account, or the output is commented out, this is a finding.

Check Content Reference

M

Target Key

5274

Comments