Check: RIIM-OS-651035
Riverbed NetIM OS STIG: RIIM-OS-651035 (in version v1 r1)
Title
Ubuntu OS must have a crontab script running weekly to off-load audit events of standalone systems. (Cat III impact)
Discussion
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
Check Content
Verify there is a script that off-loads audit data and the script runs weekly by using the following command:
Note: If the system is not connected to a network, this requirement is not applicable.
$ ls /etc/cron.weekly
<audit_offload_script_name>
Check if the script inside the file off-loads audit logs to external media.
If the script file does not exist or does not off-load audit logs, this is a finding.
Fix Text
Create a script that off-loads audit logs to external media and runs weekly. The script must be located in the "/etc/cron.weekly" directory.
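One way to satisfy the fix text, as an added example that is not part of the STIG or of Riverbed's own tooling. The script name `audit-offload` and the mount point `/mnt/audit-media` are assumptions; `/var/log/audit` is auditd's default log directory.

```shell
#!/bin/sh
# Added example: install as /etc/cron.weekly/audit-offload, mode 0755, owner root.
# run-parts ignores file names containing a dot, so do not add a ".sh" suffix.
# The script name and MEDIA_DIR default are assumptions, not values from the STIG.

AUDIT_DIR="${AUDIT_DIR:-/var/log/audit}"    # auditd's default log directory
MEDIA_DIR="${MEDIA_DIR:-/mnt/audit-media}"  # assumed mount point of the external media

# True only when $1 is an active mount point, so a missing or unplugged
# medium does not silently turn into a copy onto the local disk.
media_is_mounted() {
    [ -d "$1" ] && mountpoint -q "$1"
}

# Copy every audit.log* file from $1 into a per-host, per-date directory
# under $2, write a SHA-256 manifest next to the copies and read them back
# against it. Prints the destination directory on success.
offload_logs() {
    src=$1
    dest="$2/$(uname -n)-$(date +%Y%m%d)"
    ( umask 077 && mkdir -p "$dest" ) || return 1
    cp -p "$src"/audit.log* "$dest"/ || return 1
    (
        cd "$dest" || exit 1
        sha256sum audit.log* > SHA256SUMS || exit 1
        sha256sum -c SHA256SUMS > /dev/null
    ) || return 1
    printf '%s\n' "$dest"
}

main() {
    if ! media_is_mounted "$MEDIA_DIR"; then
        logger -p auth.err -t audit-offload "external media not mounted at $MEDIA_DIR"
        return 1
    fi
    if dest=$(offload_logs "$AUDIT_DIR" "$MEDIA_DIR"); then
        logger -p auth.info -t audit-offload "audit logs off-loaded to $dest"
    else
        logger -p auth.err -t audit-offload "off-load from $AUDIT_DIR failed"
        return 1
    fi
}

# Run only under the installed name, so the functions can be sourced and tested.
case "${0##*/}" in
    audit-offload) main ;;
esac
```

After installing, `run-parts --test /etc/cron.weekly` lists the scripts cron will actually execute, which catches a missing execute bit or a file name that run-parts skips.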
Additional Identifiers
Rule ID: SV-275674r1148072_rule
Vulnerability ID: V-275674
Group Title: SRG-OS-000342-GPOS-00133
CCIs
| Number | Definition |
|---|---|
| CCI-001851 | Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
| Number | Title |
|---|---|
| AU-4(1) | Transfer to Alternate Storage |