STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system audit system must take appropriate action when the audit storage volume is full.

DISA Rule

SV-234958r622137_rule

Vulnerability Number

V-234958

Group Title

SRG-OS-000047-GPOS-00023

Rule Version

SLES-15-030590

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to shut down by default upon audit failure (unless availability is an overriding concern).

Add or update the following line (depending on configuration "disk_full_action" can be set to "SYSLOG", "SINGLE", or "HALT" depending on configuration) in "/etc/audit/auditd.conf" file:

disk_full_action = HALT

Check Contents

Verify the SUSE operating system takes the appropriate action when the audit storage volume is full.

Check that the SUSE operating system takes the appropriate action when the audit storage volume is full with the following command:

> sudo grep disk_full_action /etc/audit/auditd.conf

disk_full_action = SYSLOG

If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.

Vulnerability Number

V-234958

Documentable

False

Rule Version

SLES-15-030590

Severity Override Guidance

Verify the SUSE operating system takes the appropriate action when the audit storage volume is full.

Check that the SUSE operating system takes the appropriate action when the audit storage volume is full with the following command:

> sudo grep disk_full_action /etc/audit/auditd.conf

disk_full_action = SYSLOG

If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.

Check Content Reference

M

Target Key

5274

Comments