The SUSE operating system audit event multiplexor must be configured to use Kerberos.

From SLES 12 Security Technical Implementation Guide

Associated with: CCI-001851

SV-91999r2_rule The SUSE operating system audit event multiplexor must be configured to use Kerberos.

Vulnerability discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Audit events may include sensitive data must be encrypted prior to transmission. Kerberos provides a mechanism to provide both authentication and encryption for audit event records.

Check content

Determine if the SUSE operating system audit event multiplexor is configured to use Kerberos by running the following command: # sudo cat /etc/audisp/audisp-remote.conf | grep enable_krb5 enable_krb5 = yes If "enable-krb5" is not set to "yes", this is a finding.

Fix text

Configure the SUSE operating system audit event multiplexor to use Kerberos by editing the "/etc/audisp/audisp-remote.conf" file. Edit or add the following line to match the text below: enable_krb5 = yes

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.