Check: GEN002860
SUSE Linux Enterprise Server v11 for System z STIG:
GEN002860
(in versions v1 r12 through v1 r9)
Title
Audit logs must be rotated daily. (Cat II impact)
Discussion
Rotate audit logs daily to preserve audit file system space and to conform to the DoD/DISA requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.
Check Content
Check for any crontab entries that rotate audit logs. Procedure: # crontab -l If such a cron job is found, this is not a finding. Otherwise, query the SA. If there is a process automatically rotating audit logs, this is not a finding. If the SA manually rotates audit logs, this is a finding, because if the SA is not there, it will not be accomplished. If the audit output is not archived daily, to tape or disk, this is a finding. This can be ascertained by looking at the audit log directory and, if more than one file is there, or if the file does not have today’s date, this is a finding.
Fix Text
Configure a cron job or other automated process to rotate the audit logs on a daily basis.
Additional Identifiers
Rule ID: SV-45560r1_rule
Vulnerability ID: V-4357
Group Title: GEN002860
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |