PHTN-67-000011 – The Photon operating system must configure auditd to use the correct log format.

Details

To compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know exact, unfiltered details of the event in question.

Solution

Open /etc/audit/auditd.conf with a text editor.

Ensure that the ‘log_format’ line is uncommented and set to the following:

log_format = RAW

At the command line, execute the following command:

# service auditd reload

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

800-53|AU-3
CAT|II
CCI|CCI-000131
Rule-ID|SV-239083r675057_rule
STIG-ID|PHTN-67-000011
Vuln-ID|V-239083

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles