=====Secure Server Build=====

====Logging and Auditing====
===13.2.1 Syslog===
Syslog should be enabled by default.  Appropriate logging levels should be set in /etc/syslog.conf. Permissions should be set such that “group” and “world” have no access at all to the syslog file. All relevant files should be owned by root, or by a secure admin group that is predefined in /etc/group. 
Communicate with the UNIX operations group to ensure that the hardened server’s syslog files are incorporated into its centralized server logging system. 

===13.2.2 System Auditing and Accounting===
copy the following files

  # cp /usr/share/doc/audit-version /stig.rules /etc/audit/audit.rules

then edit it to reflect requirements from document. Leave buffers as per stig file but comment out failure mode