RHEL-10-500015 - RHEL 10 must write audit records to disk.

Information

Audit data must be synchronously written to disk to ensure log integrity. This setting ensures that all audit event data is written to disk.

Solution

Configure the RHEL 10 audit system to write log files to the disk.

Edit the "/etc/audit/auditd.conf" file and add the "write_logs" option, or update it if it is already present, so that it is set to "yes":

write_logs = yes

Restart the audit daemon with the following command for changes to take effect:

$ sudo service auditd restart
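
A check for the setting configured above, as an added example that is not part of the STIG content: the hypothetical shell function check_write_logs reads an auditd.conf and reports whether every uncommented "write_logs" line is set to "yes". The sample configs are constructed, and matching the keyword and value case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example: verify the write_logs setting in an auditd.conf file.
# Prints one of: compliant | noncompliant | missing | unreadable
# Returns 0 only when write_logs is explicitly set and every setting is "yes".
check_write_logs() {
    conf="${1:-/etc/audit/auditd.conf}"
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines do not count
        {
            eq = index($0, "=")
            if (eq == 0) next                # not a "key = value" line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key)         # strip spaces, tabs and CRs
            gsub(/[ \t\r]/, "", val)
            # Assumption: keyword and value are compared case-insensitively.
            if (tolower(key) != "write_logs") next
            seen++
            if (tolower(val) != "yes") bad++ # any non-yes duplicate is a finding
        }
        END {
            if (!seen)    { print "missing";      exit 1 }
            else if (bad) { print "noncompliant"; exit 1 }
            else          { print "compliant";    exit 0 }
        }
    ' "$conf"
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'log_file = /var/log/audit/audit.log\nwrite_logs = yes\n' > "$demo_dir/good.conf"
printf '#write_logs = yes\nwrite_logs=no\n' > "$demo_dir/bad.conf"
printf 'log_file = /var/log/audit/audit.log\n' > "$demo_dir/unset.conf"
for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(check_write_logs "$f")"
done
rm -rf "$demo_dir"
```

Called with no argument, the function reads "/etc/audit/auditd.conf", which normally requires root.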

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip