4e8bf6705f
- Removing extra space _ Fixing some typos Change-Id: Ib4f86c7a29074ce0150a3cd55478ed94f2d62c43
22 lines
564 B
ReStructuredText
22 lines
564 B
ReStructuredText
---
|
|
id: RHEL-07-030331
|
|
status: opt-in
|
|
tag: auditd
|
|
---
|
|
|
|
The ``audispd`` daemon transmits audit logs without encryption by default. The
|
|
STIG requires that these logs are encrypted while they are transferred across
|
|
the network. The encryption is controlled by the ``enable_krb5`` option in
|
|
``/etc/audisp/audisp-remote.conf``.
|
|
|
|
Deployers can opt-in for encrypted audit log transmission by setting the
|
|
following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_audisp_enable_krb5: yes
|
|
|
|
.. warning::
|
|
|
|
Only enable this setting if kerberos is already configured.
|