RHEL 9 must have the packages required for encrypting offloaded audit logs installed.

STIG ID: RHEL-09-652015  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366,CCI-000803 |  Vulnerability Id: V-258141

Vulnerability Discussion

The rsyslog-gnutls package provides Transport Layer Security (TLS) support for the rsyslog daemon, which enables secure remote logging.

Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061

Check

Verify that RHEL 9 has the rsyslog-gnutls package installed with the following command:

$ sudo dnf list --installed rsyslog-gnutls

Example output:

rsyslog-gnutls.x86_64 8.2102.0-101.el9_0.1

If the "rsyslog-gnutls" package is not installed, this is a finding.

Fix

The rsyslog-gnutls package can be installed with the following command:

$ sudo dnf install rsyslog-gnutls