STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Photon operating system must generate audit records when the sudo command is used.

DISA Rule

SV-239142r675234_rule

Vulnerability Number

V-239142

Group Title

SRG-OS-000458-GPOS-00203

Rule Version

PHTN-67-000071

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

At the command line, execute the following commands:

# echo '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged' >> /etc/audit/rules.d/audit.STIG.rules
# /sbin/augenrules --load

Check Contents

At the command line, execute the following command:

# auditctl -l | grep sudo

Expected result:
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged

If the output does not match the expected result, this is a finding.

Vulnerability Number

V-239142

Documentable

False

Rule Version

PHTN-67-000071

Severity Override Guidance

At the command line, execute the following command:

# auditctl -l | grep sudo

Expected result:
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged

If the output does not match the expected result, this is a finding.

Check Content Reference

M

Target Key

5323

Comments