Check: UBTU-18-010008
Canonical Ubuntu 18.04 LTS STIG:
UBTU-18-010008
(in versions v2 r15 through v2 r9)
Title
The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems. (Cat III impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
Check Content
Verify that there is a script which off-loads audit data and that the script runs weekly.
Check whether there is a script in the /etc/cron.weekly directory which off-loads audit data:
# sudo ls /etc/cron.weekly
audit-offload
Check whether the script inside the file off-loads audit logs to external media.
If the script file does not exist or if the script file doesn't offload audit logs, this is a finding.
Fix Text
Create a script which off-loads audit logs to external media and runs weekly. The script must be located in the /etc/cron.weekly directory.
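One way to write such a script, as an added example that is not part of the STIG text. The function names are hypothetical, and the paths /var/log/audit and /mnt/audit-media and a POSIX filesystem (such as ext4) on the media are assumptions to adjust per site.

```shell
#!/bin/sh
# Added example for /etc/cron.weekly/audit-offload; not taken from the STIG.
# Assumed paths (adjust per site): auditd log directory and media mount point.
AUDIT_DIR="${AUDIT_DIR:-/var/log/audit}"
MEDIA_DIR="${MEDIA_DIR:-/mnt/audit-media}"

# True only when $1 is a mount point, so a missing drive is reported
# instead of the copy silently landing on the local root filesystem.
is_mounted() { mountpoint -q "$1"; }

# offload_audit SRC DEST: copy SRC/audit.log* into a new timestamped directory
# under DEST, write a SHA-256 manifest beside the copies, print the directory.
offload_audit() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "audit-offload: no such directory: $src" >&2; return 2; }
    is_mounted "$dest" || { echo "audit-offload: $dest is not mounted" >&2; return 3; }
    set -- "$src"/audit.log*
    [ -e "$1" ] || { echo "audit-offload: no audit logs in $src" >&2; return 4; }
    out="$dest/$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ)"
    ( umask 077                       # new directory is owner-only
      mkdir -p "$out" &&
      cp -p "$@" "$out"/ &&           # -p keeps the original timestamps
      cd "$out" &&
      sha256sum audit.log* > SHA256SUMS &&
      sync &&
      sha256sum -c SHA256SUMS >/dev/null   # re-read the copies against the manifest
    ) || { echo "audit-offload: copy to $out failed" >&2; return 5; }
    echo "$out"
}

# run-parts executes this file with no arguments as
# /etc/cron.weekly/audit-offload; only then does it act on the real paths.
case "$0" in
    */audit-offload) offload_audit "$AUDIT_DIR" "$MEDIA_DIR" >/dev/null || exit $? ;;
esac
```

Install it as /etc/cron.weekly/audit-offload, owned by root and executable. run-parts skips file names that contain a dot, so do not add a .sh suffix.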
Additional Identifiers
Rule ID: SV-219154r959008_rule
Vulnerability ID: V-219154
Group Title: SRG-OS-000479-GPOS-00224
CCIs
Number | Definition |
---|---|
CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
Number | Title |
---|---|
AU-4(1) | Transfer to Alternate Storage |