Check: SRG-OS-000341-GPOS-00132
General Purpose Operating System SRG:
SRG-OS-000341-GPOS-00132
(in versions v2 r7 through v1 r4)
Title
The operating system must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. (Cat III impact)
Discussion
In order to ensure operating systems have a sufficient storage capacity in which to write the audit logs, operating systems need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of the operating system.
Check Content
Verify the operating system allocates audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. If it does not, this is a finding.
Fix Text
Configure the operating system to allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.
Additional Identifiers
Rule ID: SV-203700r877391_rule
Vulnerability ID: V-203700
Group Title: SRG-OS-000341
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001849 |
The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements. |
Controls
| Number | Title |
|---|---|
| AU-4 |
Audit Storage Capacity |