Detections
Analytics
RHEL-10-200647 - RHEL 10 must monitor all remote access methods.
Information
Logging remote access methods can be used to trace the decrease in the risks associated with remote user access management. It can also be used to spot cyberattacks and ensure ongoing compliance with organizational policies surrounding the use of remote access methods.Solution
Configure RHEL 10 to monitor all remote access methods.Add or update the following lines to the "/etc/rsyslog.conf" file or a file in "/etc/rsyslog.d":
auth.*;authpriv.*;daemon.* /var/log/secure
Restart the "rsyslog" service with the following command for the changes to take effect:
$ sudo systemctl restart rsyslog.service
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL
References: 800-53|AC-17(1), CAT|II, CCI|CCI-000067, Rule-ID|SV-280990r1165325_rule, STIG-ID|RHEL-10-200647, Vuln-ID|V-280990
Plugin: Unix
Control ID: 22f44270aff6b3f9e57bbb32acbd97b3a985627b39a80127d644ef7a2c3ae65a