Amazon Linux 2023 audispd-plugins package must be installed.

STIG ID: AZLX-23-001035 | SRG: SRG-OS-000342-GPOS-00133 | Severity: medium (CAT II) | CCI: CCI-001851 | Vulnerability Id: V-274019

Vulnerability Discussion

The "audispd-plugins" package provides plugins for the real-time interface to the audit subsystem, "audispd". These plugins can, for example, relay events to remote machines or analyze events for suspicious behavior.

Check

Verify Amazon Linux 2023 has the audispd-plugins package installed with the following command:

$ sudo dnf list --installed audispd-plugins
Installed Packages
audispd-plugins.x86_64 3.0.6-1.amzn2023.0.2 @amazonlinux

If the "audispd-plugins" package is not installed, this is a finding.
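
The check above can be scripted for a compliance scan. The following is an added example, not part of the STIG text: it evaluates `dnf list --installed` output and reports the result under the STIG ID. The function names and the sample "missing" output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): score the AZLX-23-001035 check from the
# output of `dnf list --installed audispd-plugins`.
# All function names here are hypothetical.

# Reads dnf output on stdin. Succeeds only if the first field of some line is
# exactly audispd-plugins.<arch>, so a similarly named package
# (e.g. audispd-plugins-zos) does not satisfy the check.
audispd_plugins_listed() {
    awk '$1 ~ /^audispd-plugins\.[A-Za-z0-9_]+$/ { found = 1 }
         END { exit !found }'
}

# Maps the result to the STIG wording: a missing package is a finding.
stig_result() {
    if audispd_plugins_listed; then
        echo "AZLX-23-001035: not a finding"
    else
        echo "AZLX-23-001035: finding"
    fi
}

# Sample output copied from the check text above.
sample_installed() { cat <<'EOF'
Installed Packages
audispd-plugins.x86_64 3.0.6-1.amzn2023.0.2 @amazonlinux
EOF
}

# Constructed sample: what dnf prints when nothing matches.
sample_missing() { cat <<'EOF'
Error: No matching Packages to list
EOF
}

# Live check on a host; stderr is merged so the "missing" case is scored too.
check_live() {
    dnf list --installed audispd-plugins 2>&1 | stig_result
}
```

Run `check_live` on the host being assessed; the sample functions only exist so the parsing can be exercised offline.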

Fix

Configure Amazon Linux 2023 to have the audispd-plugins package installed.

Install the audispd-plugins package with the following command:

$ sudo dnf install -y audispd-plugins