STIGQter STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must shut down by default upon audit failure (unless availability is an overriding concern).

DISA Rule

SV-219227r610963_rule

Vulnerability Number

V-219227

Group Title

SRG-OS-000047-GPOS-00023

Rule Version

UBTU-18-010301

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to shut down by default upon audit failure (unless availability is an overriding concern).

Add or update the following line (depending on configuration "disk_full_action" can be set to "SYSLOG", "HALT" or "SINGLE") in "/etc/audit/auditd.conf" file:

disk_full_action = HALT

Restart the auditd service so the changes take effect:
# sudo systemctl restart auditd.service

Check Contents

Verify the Ubuntu operating system takes the appropriate action when the audit storage volume is full.

Check that the Ubuntu operating system takes the appropriate action when the audit storage volume is full with the following command:

# sudo grep disk_full_action /etc/audit/auditd.conf

disk_full_action = HALT

If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.

Vulnerability Number

V-219227

Documentable

False

Rule Version

UBTU-18-010301

Severity Override Guidance

Verify the Ubuntu operating system takes the appropriate action when the audit storage volume is full.

Check that the Ubuntu operating system takes the appropriate action when the audit storage volume is full with the following command:

# sudo grep disk_full_action /etc/audit/auditd.conf

disk_full_action = HALT

If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.

Check Content Reference

M

Target Key

4055

Comments