4.1.2.9 Ensure audit logs on separate system are encrypted.

Information

The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited and encrypted the records.

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Off-loading and encrypting is a common process in information systems with limited audit storage capacity.

Solution

Configure the operating system to encrypt the transfer of off-loaded audit records onto a different system or media from the system being audited.

Add or update the /etc/audisp/audisp-remote.conf and set it with the following line:

Example: vim /etc/audisp/audisp-remote.conf

Add, uncomment or update the following line:

enable_krb5 = yes

See Also

https://workbench.cisecurity.org/benchmarks/8415

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|II, CCI|CCI-001851, CSCv7|6.2, Rule-ID|SV-204510r603261_rule, STIG-ID|RHEL-07-030310, Vuln-ID|V-204510

Plugin: Unix

Control ID: 6ac09739cbaf8d4d623d953171d1f4be8f359fa1a95574504fb51c2ab3111f66