4.1.2.9 Ensure audit logs on separate system are encrypted.

Information

The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited and encrypted the records.

Rationale:

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Off-loading and encrypting is a common process in information systems with limited audit storage capacity.

Solution

Configure the operating system to encrypt the transfer of off-loaded audit records onto a different system or media from the system being audited.
Add or update the /etc/audisp/audisp-remote.conf and set it with the following line:
Example: vim /etc/audisp/audisp-remote.conf
Add, uncomment or update the following line:

enable_krb5 = yes

See Also

https://workbench.cisecurity.org/files/3636

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CCI|CCI-001851, CSCv7|6.2, Rule-ID|SV-204510r603261_rule, STIG-ID|RHEL-07-030310

Plugin: Unix

Control ID: 267914b7001c47573ef8c0143c4647b190d53ce5ffe0c742007ab95a447d78fe