Check: OL6-00-000004
Oracle Linux 6 STIG: OL6-00-000004 (in versions v2 r7 through v1 r9)
Title
The system must use a separate file system for the system audit data path. (Cat III impact)
Discussion
Placing "/var/log/audit" in its own partition enables better separation between audit files and other files, and helps ensure that auditing cannot be halted due to the partition running out of space.
Check Content
Run the following command to determine if "/var/log/audit" is on its own partition or logical volume:

$ mount | grep "on /var/log/audit "

If "/var/log/audit" has its own partition or volume group, a line will be returned. If no line is returned, this is a finding.
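The same check as a scriptable function, added here as an example and not part of the STIG text. The helper name "audit_mount_check" and its exit codes are assumptions. It matches the mount-point field exactly, as the trailing space in the grep pattern does, and goes one step beyond the STIG check by flagging a backing device that is also mounted elsewhere.

```shell
#!/bin/sh
# Added example; audit_mount_check is a hypothetical helper, not STIG content.
# Usage: audit_mount_check [MOUNTS_FILE] [TARGET]
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
# Exit codes (assumed convention): 0 pass, 1 finding, 2 unreadable, 3 review.
audit_mount_check() {
    mounts_file="${1:-/proc/mounts}"
    target="${2:-/var/log/audit}"
    [ -r "$mounts_file" ] || { echo "ERROR: cannot read $mounts_file" >&2; return 2; }

    awk -v t="$target" '
        $2 == t { dev = $1; fs = $3 }   # exact match on the mount point field
        $2 != t { other[$1] = $2 }      # devices that back other mount points
        END {
            if (dev == "") {
                print "FINDING: " t " is not a separate file system"
                exit 1
            }
            if (dev in other) {
                # Same device mounted elsewhere, e.g. a bind mount: a line is
                # returned by the STIG command, but space is still shared.
                print "REVIEW: " t " shares " dev " with " other[dev]
                exit 3
            }
            print "PASS: " t " is on " dev " (" fs ")"
            exit 0
        }' "$mounts_file"
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
rootfs / rootfs rw 0 0
/dev/mapper/vg_sys-lv_root / ext4 rw,relatime 0 0
/dev/mapper/vg_sys-lv_var /var ext4 rw,relatime 0 0
/dev/mapper/vg_sys-lv_audit /var/log/audit ext4 rw,relatime 0 0
/dev/mapper/vg_sys-lv_var /var/log/audit.old ext4 rw,relatime 0 0
EOF
audit_mount_check "$sample" || true
rm -f "$sample"
```

Called with no arguments on a live host, the function reads /proc/mounts and checks "/var/log/audit".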
Fix Text
Audit logs are stored in the "/var/log/audit" directory. Ensure that it has its own partition or logical volume at installation time, or migrate it later using LVM. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.
Additional Identifiers
Rule ID: SV-219541r793798_rule
Vulnerability ID: V-219541
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000137 | The organization allocates audit record storage capacity. |
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |