SRG-OS-000342-GPOS-00133 Controls

STIG ID Version Title Product
SLES-12-020070 V2R11 The audit-audispd-plugins must be installed on the SUSE operating system.
SLES-12-020080 V2R11 The SUSE operating system audit event multiplexor must be configured to use Kerberos.
SLES-12-020090 V2R11 Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.
RHEL-08-030062 V1R3 RHEL 8 must label all off-loaded audit logs before sending them to the central log server.
RHEL-08-030690 V1R3 The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited.
RHEL-08-030700 V1R3 RHEL 8 must take appropriate action when the internal event queue is full.
RHEL-08-030710 V1R3 RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.
RHEL-08-030720 V1R3 RHEL 8 must authenticate the remote logging server for off-loading audit logs.
UBTU-20-010216 V1R12 The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited.
SLES-15-030670 V1R12 The audit-audispd-plugins must be installed on the SUSE operating system.
SLES-15-030680 V1R12 The SUSE operating system audit event multiplexor must be configured to use Kerberos.
SLES-15-030690 V1R12 Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.
WN19-AU-000010 V3R2 Windows Server 2019 audit records must be backed up to a different system or media than the system being audited.
UBTU-22-653020 V2R2 Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system from the system being audited.
WN16-AU-000010 V2R7 Audit records must be backed up to a different system or media than the system being audited.
WN22-AU-000010 V1R4 Windows Server 2022 audit records must be backed up to a different system or media than the system being audited.
RHEL-07-030201 V3R6 The Red Hat Enterprise Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited.
RHEL-07-030210 V3R6 The Red Hat Enterprise Linux operating system must take appropriate action when the remote logging buffer is full.
RHEL-07-030211 V3R6 The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server.
RHEL-07-030300 V3R6 The Red Hat Enterprise Linux operating system must off-load audit records onto a different system or media from the system being audited.
RHEL-07-030310 V3R6 The Red Hat Enterprise Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.
RHEL-07-030320 V3R6 The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full.
RHEL-07-030321 V3R6 The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system.
RHEL-09-652035 V1R3 RHEL 9 must be configured to offload audit records onto a different system from the system being audited via syslog.
RHEL-09-652040 V1R3 RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog.
RHEL-09-652045 V1R3 RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.
RHEL-09-652050 V1R3 RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.
RHEL-09-653065 V1R3 RHEL 9 must take appropriate action when the internal event queue is full.
RHEL-09-653130 V1R3 RHEL 9 audispd-plugins package must be installed.
OL08-00-030062 V1R3 OL 8 must label all offloaded audit logs before sending them to the central log server.
OL08-00-030690 V1R3 The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited.
OL08-00-030700 V1R3 OL 8 must take appropriate action when the internal event queue is full.
OL08-00-030710 V1R3 OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited.
OL08-00-030720 V1R3 OL 8 must authenticate the remote logging server for offloading audit logs.
UBTU-18-010025 V2R11 The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited.
OL07-00-030201 V2R11 The Oracle Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited.
OL07-00-030210 V2R11 The Oracle Linux operating system must take appropriate action when the remote logging buffer is full.
OL07-00-030211 V2R11 The Oracle Linux operating system must label all off-loaded audit logs before sending them to the central log server.
OL07-00-030300 V2R11 The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited.
OL07-00-030310 V2R11 The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.
OL07-00-030320 V2R11 The Oracle Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full.
OL07-00-030321 V2R11 The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system.