Check: PHTN-67-000078
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000078
(in versions v1 r6 through v1 r1)
Title
The Photon operating system must ensure audit events are flushed to disk at proper intervals. (Cat II impact)
Discussion
Without setting a balance between performance and ensuring all audit events are written to disk, performance of the system may suffer or the risk of missing audit entries may be too high.
Check Content
At the command line, execute the following command:

    # grep -E "freq|flush" /etc/audit/auditd.conf

Expected result:

    flush = INCREMENTAL_ASYNC
    freq = 50

If the output does not match the expected result, this is a finding.
Fix Text
Open /etc/audit/auditd.conf with a text editor. Ensure that the lines below are present and any existing "flush" and "freq" settings are removed.

    flush = INCREMENTAL_ASYNC
    freq = 50
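The check can also be scripted so that commented-out lines, which the grep pattern matches as well, are not counted as settings. The following is an added example, not part of the STIG; the function names `active_values` and `check_audit_flush` are hypothetical. It assumes that a setting appearing more than once is a finding, following the Fix Text's instruction to remove existing settings, and it matches the keyword case-insensitively but the value exactly.

```shell
#!/bin/sh
# Added example: evaluate PHTN-67-000078 against an auditd.conf file.
# Function names are hypothetical and not part of the STIG.

# Print every active (uncommented) value set for key $2 in file $1, one per line.
active_values() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k)                 # tolerate spacing around "="
            gsub(/^[ \t]+|[ \t]+$/, "", v)       # trim the value
            if (tolower(k) == key) print v       # exact key, not a substring
        }' "$1"
}

# Return 0 when the file matches the expected result, 1 when it is a finding.
check_audit_flush() {
    conf="${1:-/etc/audit/auditd.conf}"
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }
    rc=0
    for pair in "flush=INCREMENTAL_ASYNC" "freq=50"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(active_values "$conf" "$key")
        # Count non-empty values; "|| true" because grep exits 1 on a count of 0.
        count=$(printf '%s' "$got" | grep -c . || true)
        if [ "$count" -ne 1 ]; then
            echo "FINDING: $key is set $count times (expected exactly once)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "FINDING: $key = $got (expected $want)"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: flush and freq match the expected result"
    return "$rc"
}
```

Call `check_audit_flush` with no argument to evaluate /etc/audit/auditd.conf, or pass a path to evaluate a copy of the file.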
Additional Identifiers
Rule ID: SV-239149r675255_rule
Vulnerability ID: V-239149
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |