STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

V-269517

CAT III (Low)

AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.

Rule ID

SV-269517r1050400_rule

STIG

Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

Version

V1R6

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

Check Content

Verify that AlmaLinux OS 9 audit system offloads audit records onto a different system or media from the system being audited via rsyslog using TCP with the following command:

$ grep @@ /etc/rsyslog.conf /etc/rsyslog.d/*.conf

/etc/rsyslog.d/stig.conf:*.* @@loghost.example.com"

If a remote server is not configured, or the line is commented out, ask the system administrator (SA) to indicate how the audit logs are offloaded to a different system or media. 

If there is no evidence that the audit logs are being offloaded to another system or media, this is a finding.

Fix Text

Configure AlmaLinux OS 9 to offload audit records onto a different system or media from the system being audited via TCP using rsyslog by specifying the remote logging server in "/etc/rsyslog.conf"" or "/etc/rsyslog.d/[customfile].conf" with the name or IP address of the log aggregation server.

*.* @@[server]:[port]"