Check: SRG-NET-000511-ALG-000052
Application Layer Gateway (ALG) SRG (SRG): SRG-NET-000511-ALG-000052 (in version v1 r2)
Title
The ALG that is part of a CDS must have the capability to implement journaling. (Cat II impact)
Discussion
A journaling file system is a file system that keeps track of the changes that will be made in a journal (usually a circular log in a dedicated area of the file system) before committing them to the main file system. In the event of a system crash or power failure, such file systems are quicker to bring back online and less likely to become corrupted. The internal format of the journal must guard against crashes while the journal itself is being written to. Many journal implementations (such as the JBD2 layer in ext4) bracket every change logged with a checksum, on the understanding that a crash would leave a partially written change with a missing (or mismatched) checksum that can simply be ignored when replaying the journal at next remount.
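The checksum bracketing described in the Discussion, as an added example that is not part of the SRG text and does not reproduce JBD2's on-disk format. The record layout, the function names and the sample changes are all constructed for illustration.

```python
import struct
import zlib

# Constructed record layout (an assumption for this example, not JBD2's format):
#   4-byte big-endian payload length | payload | 4-byte CRC32 over length+payload
LEN = struct.Struct(">I")
CRC = struct.Struct(">I")


def encode_record(payload):
    """Serialize one logged change, closed by its checksum."""
    body = LEN.pack(len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body))


def replay(journal):
    """Return the payloads of every intact record, in order.

    Replay stops at the first record that is truncated or whose checksum
    does not match: a crash mid-write leaves exactly that kind of tail,
    and it is ignored rather than applied to the main file system.
    """
    committed = []
    offset = 0
    while offset + LEN.size <= len(journal):
        (length,) = LEN.unpack_from(journal, offset)
        body_end = offset + LEN.size + length
        if body_end + CRC.size > len(journal):
            break  # torn write: the record was cut off before its checksum
        (stored,) = CRC.unpack_from(journal, body_end)
        if stored != zlib.crc32(journal[offset:body_end]):
            break  # mismatched checksum: partially written or corrupted record
        committed.append(journal[offset + LEN.size:body_end])
        offset = body_end + CRC.size
    return committed


# Constructed sample changes, not taken from any real system.
CHANGES = [b"alloc block 881", b"set inode 12 size=4096", b"append audit record 57"]
FULL_JOURNAL = b"".join(encode_record(c) for c in CHANGES)

if __name__ == "__main__":
    print("clean shutdown:", replay(FULL_JOURNAL))
    # Simulate power loss 3 bytes before the last record finished writing.
    print("after crash:   ", replay(FULL_JOURNAL[:-3]))
```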
Check Content
If the ALG is not used as part of a CDS, this is not applicable. Verify the ALG has the capability to implement journaling. If the ALG does not have the capability to implement journaling, this is a finding.
Fix Text
If the ALG is part of a CDS, configure the ALG to provide the capability to implement journaling.
Additional Identifiers
Rule ID: SV-68681r1_rule
Vulnerability ID: V-54435
Group Title: SRG-NET-000511-ALG-000052
CCIs
Number | Definition |
---|---|
CCI-001851 | The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) | Transfer To Alternate Storage |