Why OSCAP rule xccdf_org.ssgproject.content_rule_audit_rules_login_events fails even after applying the remediation
Issue
-
OSCAP rule xccdf_org.ssgproject.content_rule_audit_rules_login_events fails even though audit rules are configured
# auditctl -l -k logins -w /var/log/tallylog -p wa -k logins -w /var/run/faillock -p wa -k logins -w /var/log/lastlog -p wa -k logins
# oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_pci-dss --rule xccdf_org.ssgproject.content_rule_audit_rules_login_events /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 ... ok Title Record Attempts to Alter Logon and Logout Events Rule xccdf_org.ssgproject.content_rule_audit_rules_login_events Ident CCE-27204-7 Result fail
Environment
- Red Hat Enterprise Linux 7.6
- scap-security-guide-0.1.40-12.el7.noarch
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.