Check: GEN002730
HP-UX 11.23 STIG:
GEN002730
(in version v1 r8)
Title
The audit system must alert the SA when the audit storage volume approaches its capacity. (Cat II impact)
Discussion
An accurate and current audit trail is essential for maintaining a record of system activity. If the system fails, the SA must be notified and must take prompt action to correct the problem. Minimally, the system must log this event and the SA will receive this notification during the daily system log review. If feasible, active alerting (such as e-mail or paging) should be employed consistent with the site’s established operations management systems and procedures.
Check Content
Determine if the audit system is configured to generate warnings when the audit storage volume approaches capacity. Procedure: # cat /etc/rc.config.d/auditing | grep AUDOMON_ARGS | grep "\-w" If the -w parameter does not exist, this is a finding. If the number following the -w parameter (which represents the threshold for percentage of capacity) is greater than 90, this is a finding.
Fix Text
Edit the AUDOMON_ARGS parameter of the /etc/rc.config.d/auditing file to include -w 90.
Additional Identifiers
Rule ID: SV-29653r1_rule
Vulnerability ID: V-22375
Group Title: GEN002730
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000143 |
The information system provides a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |