Check: SRG-OS-000341-GPOS-00132
General Purpose Operating System SRG:
SRG-OS-000341-GPOS-00132
(in versions v3 r1 through v1 r6)
Title
The operating system must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. (Cat III impact)
Discussion
In order to ensure operating systems have a sufficient storage capacity in which to write the audit logs, operating systems need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of the operating system.
Check Content
Verify the operating system allocates audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. If it does not, this is a finding.
Fix Text
Configure the operating system to allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.
Additional Identifiers
Rule ID: SV-203700r958752_rule
Vulnerability ID: V-203700
Group Title: SRG-OS-000341
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001849 |
Allocate audit log storage capacity to accommodate organization-defined audit log retention requirements. |
Controls
| Number | Title |
|---|---|
| AU-4 |
Audit Storage Capacity |