STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The system must set a maximum audit log file size.

DISA Rule

SV-208879r603263_rule

Vulnerability Number

V-208879

Group Title

SRG-OS-000480

Rule Version

OL6-00-000160

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Determine the amount of audit data (in megabytes) which should be retained in each log file. Edit the file "/etc/audit/auditd.conf". Add or modify the following line, substituting the correct value for [STOREMB]:

max_log_file = [STOREMB]

Set the value to "6" (MB) or higher for general-purpose systems. Larger values, of course, support retention of even more audit data.

Check Contents

Inspect "/etc/audit/auditd.conf" and locate the following line to determine how much data the system will retain in each audit log file:

# grep max_log_file /etc/audit/auditd.conf

max_log_file = 6

If the system audit data threshold hasn't been properly set up, this is a finding.
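The plain grep in the check also matches "max_log_file_action" and commented-out lines, so a reviewer can see output and still miss that "max_log_file" itself is unset. The script below is an added example (not part of the STIG or of STIGQter) that reads the key exactly and compares it with the 6 MB minimum from the fix text. The function names, the sample file and the "last occurrence wins" handling of duplicate keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit-check helper for OL6-00-000160 (not STIG or STIGQter code).

# Print the effective max_log_file value from an auditd.conf-style file.
# The key is matched exactly, so max_log_file_action and commented lines
# are ignored. If the key appears more than once, the last occurrence is
# reported (assumption of this example).
get_max_log_file() {
    awk -F= '
        /^[ \t]*#/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "max_log_file") found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 when the value is an integer >= the minimum (default 6 MB), else 1.
check_max_log_file() {
    conf=$1
    min=${2:-6}
    val=$(get_max_log_file "$conf")
    case $val in
        ''|*[!0-9]*)
            echo "FINDING: max_log_file is not set to a number in $conf"
            return 1 ;;
    esac
    if [ "$val" -ge "$min" ]; then
        echo "OK: max_log_file = $val (minimum $min)"
        return 0
    fi
    echo "FINDING: max_log_file = $val is below $min"
    return 1
}

# Constructed sample: only max_log_file_action is active, which the plain
# grep from the check text would still print.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# max_log_file = 50
max_log_file_action = ROTATE
num_logs = 5
EOF
check_max_log_file "$demo_conf" || true
rm -f "$demo_conf"
```

On a real system, run check_max_log_file /etc/audit/auditd.conf as root and treat a non-zero exit status as a finding.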

Documentable

False

Severity Override Guidance

Inspect "/etc/audit/auditd.conf" and locate the following line to determine how much data the system will retain in each audit log file:

# grep max_log_file /etc/audit/auditd.conf

max_log_file = 6

If the system audit data threshold hasn't been properly set up, this is a finding.

Check Content Reference

M

Target Key

2928

Comments