STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

V-282384

CAT II (Medium)

All TOSS 5 remote access methods must be monitored.

Rule ID

SV-282384r1200132_rule

STIG

Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000067

Discussion

Logging remote access methods can be used to trace the decrease in the risks associated with remote user access management. It can also be used to spot cyberattacks and ensure ongoing compliance with organizational policies surrounding the use of remote access methods.

Check Content

Verify TOSS 5 monitors all remote access methods.

Check that remote access methods are being logged using the following command:

$ grep -rE '(auth.\*|authpriv.\*|daemon.\*)' /etc/rsyslog.conf

/etc/rsyslog.conf:authpriv.*
 
If "auth.*", "authpriv.*" or "daemon.*" are not configured to be logged, this is a finding.

Fix Text

Add or update the following lines to the "/etc/rsyslog.conf" file:

auth.*;authpriv.*;daemon.* /var/log/secure

Restart the "rsyslog" service for the changes to take effect using the following command:

$ sudo systemctl restart rsyslog.service