(QF) 10802 / The following audit checks in the CIS Red Hat Enterprise Linux 6.x Benchmark v1.4.0 standard failed inappropriately even when all the rules in the auditctl file were set as per the suggested check remediation.
search cancel

(QF) 10802 / The following audit checks in the CIS Red Hat Enterprise Linux 6.x Benchmark v1.4.0 standard failed inappropriately even when all the rules in the auditctl file were set as per the suggested check remediation.

book

Article ID: 165083

calendar_today

Updated On:

Products

Control Compliance Suite Windows

Issue/Introduction

The following audit checks in the CIS Red Hat Enterprise Linux 6.x Benchmark v1.4.0 standard failed inappropriately even when all the rules in the auditctl file were set as per the suggested check remediation.

  • 5.2.10: Are any events recorded which modify Discretionary Access Control Permissions?
  • 5.2.11: Are any events recorded which modify Unsuccessful Unauthorized Access Attempts to files?
  • 5.2.14: Are File Deletion Events by user recorded?

Environment

CCS 11.5 with SCU 2016-3

Resolution

Apply the Quick Fix (QF) 10802 to resolve this issue. Now, the code is modified to correctly identify the format of auditctl when it contains the LIST_RULES control rule definition.

Prerequisite: Before you apply the Quick Fix 10802, make sure that you have installed Symantec Control Compliance Suite 11.5 with SCU 2016-3.

Download the attached ZIP file and extract the Readme file. This file contains the full instructions on how to apply this fix.

File/Directory name  /  Version
Symantec.CSM.UnixPlatformContent.RHELv1.0.5.dll    11.10.10802.1102

Attachments

CCS_v11.5_SCU_10802_4051891_QF.zip get_app
Powered by Wolken Software