The audit-audispd-plugins must be installed on the SUSE operating system.

STIG ID: SLES-15-030670  |  SRG: SRG-OS-000342-GPOS-00133 |  Severity: medium |  CCI: CCI-001851 |  Vulnerability Id: V-234966 | 

Vulnerability Discussion

The audit-audispd-plugins must be installed on the SUSE operating system.

Check

Verify that the "audit-audispd-plugins" package is installed on the SUSE operating system.

Check that the "audit-audispd-plugins" package is installed on the SUSE operating system with the following command:

> zypper info audit-audispd-plugins | grep Installed

If the "audit-audispd-plugins" package is not installed, this is a finding.

Verify the "au-remote" plugin is enabled with the following command:

> sudo grep -i active /etc/audisp/plugins.d/au-remote.conf
active = yes

If "active" is missing, commented out, or is not set to "yes", this is a finding.

Fix

Install the "audit-audispd-plugins" package on the SUSE operating system by running the following command:

> sudo zypper install audit-audispd-plugins

In "/etc/audisp/plugins.d/au-remote.conf", change the value of "active" to "yes", or add "active = yes" if no such setting exists in the file.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.