CCI-001312 requires generation of error messages providing information necessary for corrective actions without revealing org-defined sensitive information in error logs. The audit system and rsyslog can be tuned to meet this requirement.
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/auditing.xml | 2 +- rhel6/src/input/system/logging.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rhel6/src/input/system/auditing.xml b/rhel6/src/input/system/auditing.xml index 3b46776..67245c9 100644 --- a/rhel6/src/input/system/auditing.xml +++ b/rhel6/src/input/system/auditing.xml @@ -70,7 +70,7 @@ actions will be taken if other obstacles exist. </rationale> <ident cce="4292-9" /> <oval id="service_auditd_enabled" /> -<ref nist="CM-6, CM-7" disa="169,172,174,1353,1462,1487,1115,1454,154,067,158,831,1123,1190" /> +<ref nist="CM-6, CM-7" disa="169,172,174,1353,1462,1487,1115,1454,154,067,158,831,1123,1190,1312" /> </Rule> <Rule id="enable_auditd_bootloader"> diff --git a/rhel6/src/input/system/logging.xml b/rhel6/src/input/system/logging.xml index a8284cd..d6a8db5 100644 --- a/rhel6/src/input/system/logging.xml +++ b/rhel6/src/input/system/logging.xml @@ -47,7 +47,7 @@ logging services, which are essential to system administration. </rationale> <ident cce="17698-2" /> <oval id="service_rsyslog_enabled" /> -<ref nist="AU-12, CM-6" disa="1557" /> +<ref nist="AU-12, CM-6" disa="1557,1312" /> </Rule> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
