>From d42cbb03638de2c1e9fcbe218a6e11b81cb9d6eb Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Tue, 25 Dec 2012 15:47:55 -0500 Subject: [PATCH 05/17] Mapped audit_sysadmin_actions to AC-2(7)(b) Req calls for tracking/monitoring privileged role assignments, which is done through sudoers
--- RHEL6/input/system/auditing.xml | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RHEL6/input/system/auditing.xml b/RHEL6/input/system/auditing.xml index 1decfed..847a3cb 100644 --- a/RHEL6/input/system/auditing.xml +++ b/RHEL6/input/system/auditing.xml @@ -630,7 +630,7 @@ unexpected users, groups, or modifications should be investigated for legitimacy.</rationale> <ident cce="26664-3" /> <oval id="audit_rules_usergroup_modification" /> -<ref nist="AU-2" disa="18,1403,1404,1405,1684,1683,1685,1686"/> +<ref nist="AC-2(4),AU-2" disa="18,1403,1404,1405,1684,1683,1685,1686"/> </Rule> <Rule id="audit_network_modifications"> @@ -1256,7 +1256,7 @@ To verify that auditing is configured for system administrator actions, run the of what was executed on the system, as well as, for accountability purposes.</rationale> <ident cce="26662-7" /> <oval id="audit_rules_sysadmin_actions" /> -<ref nist="AU-2" disa="126"/> +<ref nist="AC-2(7)(b),AU-2" disa="126"/> <tested by="DS" on="20121024"/> </Rule> -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
