Detections
Analytics

CCI|CCI-001851

Title

Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.15 UBTU-24-100450UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.116 UBTU-22-651035UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.121 UBTU-22-653020UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.174 UBTU-24-900950UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.212 OL08-00-030062UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.278 OL08-00-030690UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.279 OL08-00-030700UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.280 OL08-00-030710UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.281 OL08-00-030720UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.357 RHEL-09-652010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.362 RHEL-09-652040UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.363 RHEL-09-652045UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.364 RHEL-09-652050UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.365 RHEL-09-652055UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.371 RHEL-09-653030UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.377 RHEL-09-653060UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.378 RHEL-09-653065UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.391 RHEL-09-653130UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
4.1.2.3 Ensure audit system is set to single when the disk is full.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.6 Ensure audit system action is defined for sending errorsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.8 Ensure audit logs are stored on a different system.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.9 Ensure audit logs on separate system are encrypted.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - directionUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - pathUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - typeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.12 Ensure action is taken when audisp-remote buffer is fullUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.13 Ensure off-loaded audit logs are labeled.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002131 - AIX must implement a remote syslog server that is documented using site-defined procedures.UnixDISA STIG AIX 7.x v3r1
ALMA-09-052160 - AlmaLinux OS 9 audispd-plugins package must be installed.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-052270 - AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-052380 - AlmaLinux OS 9 must take appropriate action when the internal event queue is full.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-052490 - AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-052600 - AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-052710 - AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-052820 - AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-052930 - AlmaLinux OS 9 must have the rsyslog package installed.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053040 - AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-053150 - The rsyslog service on AlmaLinux OS 9 must be active.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - logging hostAristaDISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - trap loggingAristaDISA STIG Arista MLS DCS-7000 Series NDM v1r4
ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.AristaDISA STIG Arista MLS EOS 4.x NDM v2r2
ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.UnixDISA STIG Apache Server 2.4 Unix Server v3r2 Middleware
AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.UnixDISA STIG Apache Server 2.4 Unix Server v3r2
AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure.UnixDISA STIG Apache Server 2.4 Unix Server v3r2
AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure.UnixDISA STIG Apache Server 2.4 Unix Server v3r2 Middleware
AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.WindowsDISA STIG Apache Server 2.4 Windows Server v3r3
AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure.WindowsDISA STIG Apache Server 2.4 Windows Server v3r3