Check: AIX7-00-002033
IBM AIX 7.x STIG:
AIX7-00-002033
(in versions v3 r1 through v1 r1)
Title
AIX must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility. (Cat II impact)
Discussion
In order to ensure operating systems have a sufficient storage capacity in which to write the audit logs, operating systems need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of AIX.
Check Content
Check the file system size where the log file resides is greater than the organizationally defined size of audit logs for one week (1GB). Find out where the audit log resides: # grep trail /etc/security/audit/config trail = /audit/trail Find out the available space in the file system hosting the audit logs. # df /audit/trail Filesystem 512-blocks Free %Used Iused %Iused Mounted on /dev/hd4 1966080 1792872 9% 3913 2% / If the "512-blocks" multiplied by "Free" is less than the required size for the audit logs, this is a finding.
Fix Text
Increase the size of the file system hosting the audit logs (by 1GB). # chfs -a size=+1G <root of file system for audit logs>
Additional Identifiers
Rule ID: SV-215253r958752_rule
Vulnerability ID: V-215253
Group Title: SRG-OS-000341-GPOS-00132
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001849 |
Allocate audit log storage capacity to accommodate organization-defined audit log retention requirements. |
Controls
Number | Title |
---|---|
AU-4 |
Audit Storage Capacity |