STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.

DISA Rule

SV-209032r603263_rule

Vulnerability Number

V-209032

Group Title

SRG-OS-000046

Rule Version

OL6-00-000313

Severity

CAT II

CCI(s)

• CCI-000139 - The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.

Weight

10

Fix Recommendation

The "auditd" service can be configured to send email to a designated account in certain situations. Add or correct the following line in "/etc/audit/auditd.conf" to ensure that administrators are notified via email for those situations:

action_mail_acct = root

Check Contents

Inspect "/etc/audit/auditd.conf" and locate the following line to determine if the system is configured to send email to an account when it needs to notify an administrator:

action_mail_acct = root

If auditd is not configured to send emails per identified actions, this is a finding.

Vulnerability Number

V-209032

Documentable

False

Rule Version

OL6-00-000313

Severity Override Guidance

Inspect "/etc/audit/auditd.conf" and locate the following line to determine if the system is configured to send email to an account when it needs to notify an administrator:

action_mail_acct = root

If auditd is not configured to send emails per identified actions, this is a finding.

Check Content Reference

M

Target Key

2928

Comments