Check: RHEL-09-231030
RHEL 9 STIG:
RHEL-09-231030
(in versions v1 r3 through v1 r1)
Title
RHEL 9 must use a separate file system for the system audit data path. (Cat III impact)
Discussion
Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files, and helps ensure that auditing cannot be halted due to the partition running out of space. Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227
Check Content
Verify that a separate file system/partition has been created for the system audit data path with the following command: Note: /var/log/audit is used as the example as it is a common location. $ mount | grep /var/log/audit UUID=2efb2979-45ac-82d7-0ae632d11f51 on /var/log/home type xfs (rw,realtime,seclabel,attr2,inode64) If no line is returned, this is a finding.
Fix Text
Migrate the system audit data path onto a separate file system.
Additional Identifiers
Rule ID: SV-257847r925528_rule
Vulnerability ID: V-257847
Group Title: SRG-OS-000341-GPOS-00132
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-001849 |
The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements. |