STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SUSE Linux Enterprise Server 15 Security Technical Implementation Guide

V-234968

CAT III (Low)

Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.

Rule ID

SV-234968r1009570_rule

STIG

SUSE Linux Enterprise Server 15 Security Technical Implementation Guide

Version

V2R7

CCIs

None

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

Check Content

Verify "audispd" off-loads audit records onto a different system or media from the SUSE operating system being audited.

Check if "audispd" is configured to off-load audit records onto a different system or media from the SUSE operating system by running the following command:

> sudo grep remote_server /etc/audit/audisp-remote.conf
remote_server = 192.168.1.101

If "remote_server" is not set to an external server or media, or is commented out, this is a finding.

Fix Text

Configure the SUSE operating system "/etc/audit/audisp-remote.conf" file to off-load audit records onto a different system or media by adding or editing the following line with the correct IP address:

remote_server = [IP ADDRESS]