CCI-000139 requires the OS to alert designated organization officials in event of audit processing failure. The configure_auditd_action_mail_acct rule addresses this requirement.
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/auditing.xml | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/rhel6/src/input/system/auditing.xml b/rhel6/src/input/system/auditing.xml index 7668357..cd28e85 100644 --- a/rhel6/src/input/system/auditing.xml +++ b/rhel6/src/input/system/auditing.xml @@ -309,6 +309,7 @@ via email for those situations: <rationale>Email sent to the root account is typically aliased to the administrators of the system, who can take appropriate action.</rationale> <oval id="auditd_data_retention_action_mail_acct" value="var_auditd_action_mail_acct" /> +<ref disa="139" /> </Rule> </Group> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
