STIGQter STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must generate audit records for all kernel module load, unload, and restart actions, and also for all program initiations.

DISA Rule

SV-99403r1_rule

Vulnerability Number

V-88753

Group Title

SRG-OS-000477-GPOS-00222

Rule Version

VROM-SL-001460

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add the following to "/etc/audit/audit.rules" in order to capture kernel module loading and unloading events:

-w /sbin/insmod -p x

OR

# /etc/dodscript.sh

Check Contents

Determine if "/sbin/insmod" is audited:

# cat /etc/audit/audit.rules | grep "/sbin/insmod"

If the result does not start with "-w" and contain "-p x", this is a finding.

Vulnerability Number

V-88753

Documentable

False

Rule Version

VROM-SL-001460

Severity Override Guidance

Determine if "/sbin/insmod" is audited:

# cat /etc/audit/audit.rules | grep "/sbin/insmod"

If the result does not start with "-w" and contain "-p x", this is a finding.

Check Content Reference

M

Target Key

3461

Comments