Configuring Audit Settings for STIG Compliance on Red Hat

Hands-On Lab

 

Bob Salmans

Security Training Architect I in Content

Length

00:30:00

Difficulty

Intermediate

The Red Hat Linux audit service ships with prewritten rule sets for various compliance requirements. In this lab, we will configure a Red Hat host's audit rules to include the STIG (Security Technical Implementation Guide) compliance rule set. This will allow us to identify any points at which we are not compliant with STIG requirements.

Solution

  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page:

    ssh cloud_user@PUBLIC_IP_ADDRESS
  2. Become the root user:

    sudo su

Implement the Red Hat-included STIG audit rules

  1. Make a backup of the current audit rules using the following command:

    cp /etc/audit/rules.d/audit.rules /etc/audit/rules.d/audit.rules_backup
  2. Copy the STIG audit rules into the audit.rules file with the following command:

    cd /usr/share/doc/audit-2.8.1/rules
    cat 30-stig.rules 99-finalize.rules >> /etc/audit/rules.d/audit.rules
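
The append in step 2 uses `>>`, so running it a second time leaves every STIG rule in the file twice, and auditctl rejects a rule that is already loaded. The following is an added example, not part of the original lab: shell functions that list duplicated rules and perform the append only once. The function names are hypothetical, and file paths are passed as arguments so the functions can be tried on copies first.

```sh
#!/bin/sh
# Added example (not from the lab): guard the ">>" append against re-runs.
# Function names are hypothetical; paths are arguments, nothing is hard-coded.

# Print the active rules of the given files: comment and blank lines
# dropped, whitespace normalized so that equal rules compare equal.
active_rules() {
    grep -hEv '^[[:space:]]*(#|$)' "$@" |
        sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//'
}

# Print every rule that occurs more than once in one rules file.
duplicate_rules() {
    active_rules "$1" | sort | uniq -d
}

# append_rules_once TARGET SOURCE...
# Append the SOURCE files to TARGET unless TARGET already holds one of
# their rules. Returns 0 after appending, 1 if TARGET was left unchanged.
append_rules_once() {
    target=$1; shift
    have=$(mktemp) || return 2
    active_rules "$target" > "$have"
    if active_rules "$@" | grep -Fxqf "$have"; then
        rm -f "$have"
        echo "skipped: $target already contains these rules" >&2
        return 1
    fi
    rm -f "$have"
    cat "$@" >> "$target"
}

# Usage on the lab host (as root), from the rules directory used above:
#   append_rules_once /etc/audit/rules.d/audit.rules 30-stig.rules 99-finalize.rules
#   duplicate_rules /etc/audit/rules.d/audit.rules
```

If `duplicate_rules` prints anything, restore the backup made in step 1 and append again.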

Restart the auditd service

  1. To restart the auditd service, use the following command:

    service auditd restart  
  2. Run the following command to verify the status is active (running):

    service auditd status

Conclusion

Congratulations — you've completed this hands-on lab!