RHEL 10 must have the packages required for encrypting off-loaded audit logs installed.

STIG ID: RHEL-10-200650  |  SRG: SRG-OS-000120-GPOS-00061 |  Severity: medium (CAT II)  |  CCI: CCI-000803 |  Vulnerability Id: V-280992

Vulnerability Discussion

The "rsyslog-gnutls" package provides Transport Layer Security (TLS) support for the rsyslog daemon, which enables secure remote logging.

Check

Verify RHEL 10 has the "rsyslog-gnutls" package installed with the following command:

$ sudo dnf list --installed rsyslog-gnutls
Installed Packages
rsyslog-gnutls.x86_64 8.2412.0-1.el10 @AppStream

If the "rsyslog-gnutls" package is not installed, this is a finding.

Fix

Configure RHEL 10 to have the "rsyslog-gnutls" package installed with the following command:

$ sudo dnf -y install rsyslog-gnutls
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.