
This patch documents some alternatives for RHEL-07-030310 since automating the STIG requirement is challenging.

Implements: blueprint security-rhel7-stig
Change-Id: I28e9e4c25a98c26ef388bf0f62b9fbe58adbf96b
---id: RHEL-07-030310 status: exception - manual intervention tag: auditd ---
This STIG is difficult to implement in an automated way because the number of applications on a system with setuid/setgid permissions changes over time. In addition, adding audit rules for some of these automatically could cause a significant increase in logging traffic when these applications are used regularly.
Deployers are urged to do the following instead:
- Minimize the amount of applications with setuid/setgid privileges
- Monitor any new applications that gain setuid/setgid privileges
- Add risky applications with setuid/setgid privileges to auditd for detailed syscall monitoring
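
Review bot: The three bullets say what to do but not how, and since the status is "exception - manual intervention" the deployer has nothing else to work from. The third bullet in particular asks for auditd syscall monitoring of "risky applications" without saying what makes an application risky or showing a sample rule. Consider adding a short example of listing the files that currently carry setuid/setgid bits (for instance `find / -xdev -type f -perm /6000`) so deployers can baseline and compare over time, plus one example audit rule for a single binary. Minor wording point in the first bullet: "amount of applications" should be "number of applications", which would also match "the number of applications" in the opening paragraph.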