STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must audit all account removal actions.

DISA Rule

SV-99277r1_rule

Vulnerability Number

V-88627

Group Title

SRG-OS-000241-GPOS-00091

Rule Version

VROM-SL-000860

Severity

CAT II

CCI(s)

• CCI-001405 - The information system automatically audits account removal actions.

Weight

10

Fix Recommendation

Configure execute auditing of the "userdel" and "groupdel" executables. Add the following to the "/etc/audit/audit.rules" file:

-w /usr/sbin/userdel -p x -k userdel
-w /usr/sbin/groupdel -p x -k groupdel

Check Contents

Determine if execution of the "userdel" and "groupdel" executable are audited:

# auditctl -l | egrep '(userdel|groupdel)'

If either "userdel" or "groupdel" are not listed with a permissions filter of at least "x", this is a finding.

Vulnerability Number

V-88627

Documentable

False

Rule Version

VROM-SL-000860

Severity Override Guidance

Determine if execution of the "userdel" and "groupdel" executable are audited:

# auditctl -l | egrep '(userdel|groupdel)'

If either "userdel" or "groupdel" are not listed with a permissions filter of at least "x", this is a finding.

Check Content Reference

M

Target Key

3461

Comments