openstack/ansible-hardening
Code Issues Proposed changes
ansible-hardening/doc/metadata/rhel7/V-72085.rst
Major Hayden dccce1d5cc
Handle RHEL 7 STIG renumbering 
This patch gets the docs adjusted to work with the new RHEL 7 STIG
version 1 release. The new STIG release has changed all of the
numbering, but it maintains a link to (most) of the old STIG IDs in
the XML.

Closes-bug: 1676865
Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
2017-04-04 07:22:12 -05:00

557 B
Raw Blame History

---id: V-72085 status: opt-in tag: auditd ---

The audispd daemon transmits audit logs without encryption by default. The STIG requires that these logs are encrypted while they are transferred across the network. The encryption is controlled by the enable_krb5 option in /etc/audisp/audisp-remote.conf.

Deployers can opt-in for encrypted audit log transmission by setting the following Ansible variable:

security_audisp_enable_krb5: yes

Warning

Only enable this setting if kerberos is already configured.