| ALMA-09-052930 |
V1R1 |
AlmaLinux OS 9 must have the rsyslog package installed. |
|
| ALMA-09-053040 |
V1R1 |
AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. |
|
| ALMA-09-053150 |
V1R1 |
The rsyslog service on AlmaLinux OS 9 must be active. |
|
| OL07-00-030201 |
V3R1 |
The Oracle Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited. |
|
| OL07-00-030210 |
V3R1 |
The Oracle Linux operating system must take appropriate action when the remote logging buffer is full. |
|
| OL07-00-030211 |
V3R1 |
The Oracle Linux operating system must label all off-loaded audit logs before sending them to the central log server. |
|
| OL07-00-030300 |
V3R1 |
The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited. |
|
| OL07-00-030310 |
V3R1 |
The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. |
|
| OL07-00-030320 |
V3R1 |
The Oracle Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. |
|
| OL07-00-030321 |
V3R1 |
The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. |
|
| OL08-00-030062 |
V2R2 |
OL 8 must label all offloaded audit logs before sending them to the central log server. |
|
| OL08-00-030690 |
V2R2 |
The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited. |
|
| OL08-00-030700 |
V2R2 |
OL 8 must take appropriate action when the internal event queue is full. |
|
| OL08-00-030710 |
V2R2 |
OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited. |
|
| OL08-00-030720 |
V2R2 |
OL 8 must authenticate the remote logging server for offloading audit logs. |
|
| RHEL-07-030201 |
V3R9 |
The Red Hat Enterprise Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited. |
|
| RHEL-07-030210 |
V3R9 |
The Red Hat Enterprise Linux operating system must take appropriate action when the remote logging buffer is full. |
|
| RHEL-07-030211 |
V3R9 |
The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server. |
|
| RHEL-07-030300 |
V3R9 |
The Red Hat Enterprise Linux operating system must off-load audit records onto a different system or media from the system being audited. |
|
| RHEL-07-030310 |
V3R9 |
The Red Hat Enterprise Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. |
|
| RHEL-07-030320 |
V3R9 |
The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. |
|
| RHEL-07-030321 |
V3R9 |
The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. |
|
| RHEL-08-030062 |
V2R1 |
RHEL 8 must label all off-loaded audit logs before sending them to the central log server. |
|
| RHEL-08-030690 |
V2R1 |
The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. |
|
| RHEL-08-030700 |
V2R1 |
RHEL 8 must take appropriate action when the internal event queue is full. |
|
| RHEL-08-030710 |
V2R1 |
RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. |
|
| RHEL-08-030720 |
V2R1 |
RHEL 8 must authenticate the remote logging server for off-loading audit logs. |
|
| RHEL-09-652035 |
V2R2 |
RHEL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. |
|
| RHEL-09-652040 |
V2R2 |
RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. |
|
| RHEL-09-652045 |
V2R2 |
RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. |
|
| RHEL-09-652050 |
V2R2 |
RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. |
|
| RHEL-09-653065 |
V2R2 |
RHEL 9 must take appropriate action when the internal event queue is full. |
|
| RHEL-09-653130 |
V2R2 |
RHEL 9 audispd-plugins package must be installed. |
|
| SLES-12-020070 |
V3R1 |
The audit-audispd-plugins must be installed on the SUSE operating system. |
|
| SLES-12-020080 |
V3R1 |
The SUSE operating system audit event multiplexor must be configured to use Kerberos. |
|
| SLES-12-020090 |
V3R1 |
Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. |
|
| SLES-15-030670 |
V2R2 |
The audit-audispd-plugins must be installed on the SUSE operating system. |
|
| SLES-15-030680 |
V2R2 |
The SUSE operating system audit event multiplexor must be configured to use Kerberos. |
|
| SLES-15-030690 |
V2R2 |
Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. |
|
| UBTU-18-010025 |
V2R15 |
The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. |
|
| UBTU-20-010216 |
V2R1 |
The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. |
|
| UBTU-22-653020 |
V2R2 |
Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system from the system being audited. |
|
| WN16-AU-000010 |
V2R9 |
Audit records must be backed up to a different system or media than the system being audited. |
|
| WN19-AU-000010 |
V3R2 |
Windows Server 2019 audit records must be backed up to a different system or media than the system being audited. |
|
| WN22-AU-000010 |
V2R2 |
Windows Server 2022 audit records must be backed up to a different system or media than the system being audited. |
|