| ALMA-09-052160 |
V1R1 |
AlmaLinux OS 9 audispd-plugins package must be installed. |
|
| ALMA-09-052270 |
V1R1 |
AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server. |
|
| ALMA-09-052380 |
V1R1 |
AlmaLinux OS 9 must take appropriate action when the internal event queue is full. |
|
| ALMA-09-052490 |
V1R1 |
AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog. |
|
| ALMA-09-052600 |
V1R1 |
AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog. |
|
| ALMA-09-052710 |
V1R1 |
AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. |
|
| ALMA-09-052820 |
V1R1 |
AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. |
|
| RHEL-09-652010 |
V2R2 |
RHEL 9 must have the rsyslog package installed. |
|
| RHEL-09-652055 |
V2R2 |
RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. |
|
| SLES-12-020100 |
V3R1 |
The audit system must take appropriate action when the network cannot be used to off-load audit records. |
|
| SLES-12-020110 |
V3R1 |
Audispd must take appropriate action when the SUSE operating system audit storage is full. |
|
| SLES-12-030340 |
V3R1 |
The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. |
|
| SLES-15-010580 |
V2R2 |
The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. |
|
| SLES-15-030790 |
V2R2 |
The SUSE operating system must off-load audit records onto a different system or media from the system being audited. |
|
| SLES-15-030800 |
V2R2 |
Audispd must take appropriate action when the SUSE operating system audit storage is full. |
|
| UBTU-18-010007 |
V2R15 |
The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected. |
|
| UBTU-18-010008 |
V2R15 |
The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems. |
|
| UBTU-20-010300 |
V2R1 |
The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems. |
|
| UBTU-22-651035 |
V2R2 |
Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. |
|
| WN16-AU-000020 |
V2R9 |
Windows Server 2016 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. |
|
| WN19-AU-000020 |
V3R2 |
Windows Server 2019 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. |
|
| WN22-AU-000020 |
V2R2 |
Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. |
|