STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The system must retain enough rotated audit logs to cover the required log retention period.

DISA Rule

SV-208878r603263_rule

Vulnerability Number

V-208878

Group Title

SRG-OS-000480

Rule Version

OL6-00-000159

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Determine how many log files "auditd" should retain when it rotates logs. Edit the file "/etc/audit/auditd.conf". Add or modify the following line, substituting [NUMLOGS] with the correct value:

num_logs = [NUMLOGS]

Set the value to 5 for general-purpose systems. Note that values less than 2 result in no log rotation.

Check Contents

Inspect "/etc/audit/auditd.conf" and locate the following line to determine how many logs the system is configured to retain after rotation:

# grep num_logs /etc/audit/auditd.conf

num_logs = 5

If the overall system log file(s) retention hasn't been properly set up, this is a finding.
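
The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter: the function name "check_num_logs", the default minimum of 5 and the rule that any value at or above the minimum passes are assumptions of this example. Unlike a plain grep, it ignores commented-out lines and reports values below 2, which disable rotation.

```shell
#!/bin/sh
# Added example: evaluates the num_logs setting described in this rule.
# check_num_logs CONF [MIN] prints a verdict and returns 0 only when compliant.
# MIN defaults to 5 (the page's value for general-purpose systems); accepting
# any value >= MIN is an assumption of this example.
check_num_logs() {
    conf=$1
    min=${2:-5}
    if [ ! -r "$conf" ]; then
        echo "FINDING: cannot read $conf"; return 1
    fi
    # Skip comment lines: a plain grep also matches "# num_logs = 5".
    # If the key appears more than once, the last one is used (assumption).
    val=$(awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t\r]/, "", key) }
        tolower(key) == "num_logs" { v = $2; gsub(/[ \t\r]/, "", v); found = v }
        END { print found }' "$conf")
    case $val in
        "")       echo "FINDING: num_logs is not set"; return 1 ;;
        *[!0-9]*) echo "FINDING: num_logs is not a number: $val"; return 1 ;;
    esac
    if [ "$val" -lt 2 ]; then
        echo "FINDING: num_logs = $val disables log rotation"; return 1
    fi
    if [ "$val" -lt "$min" ]; then
        echo "FINDING: num_logs = $val is below the required $min"; return 1
    fi
    echo "OK: num_logs = $val"
}

# Constructed sample: a commented-out compliant line and an active weak one.
sample=$(mktemp)
printf '%s\n' '# num_logs = 5' 'max_log_file = 6' 'num_logs = 1' > "$sample"
check_num_logs "$sample" || true   # prints: FINDING: num_logs = 1 disables log rotation
rm -f "$sample"
```

On a live system, call it as: check_num_logs /etc/audit/auditd.conf [NUMLOGS]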

Documentable

False

Severity Override Guidance

Inspect "/etc/audit/auditd.conf" and locate the following line to determine how many logs the system is configured to retain after rotation:

# grep num_logs /etc/audit/auditd.conf

num_logs = 5

If the overall system log file(s) retention hasn't been properly set up, this is a finding.

Check Content Reference

M

Target Key

2928
