STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-234965r622137_rule
V-234965
SRG-OS-000341-GPOS-00132
SLES-15-030660
CAT II
10
Allocate enough storage capacity for at least one week of SUSE operating system audit records when audit records are not immediately sent to a central audit record storage facility.
If audit records are stored on a partition made specifically for audit records, use the "YaST2 - Partitioner" program (installation and configuration tool for Linux) to resize the partition with sufficient space to contain one week of audit records.
If audit records are not stored on a partition made specifically for audit records, a new partition with sufficient amount of space will need be to be created. The new partition can be created using the "YaST2 - Partitioner" program on the system.
Verify the SUSE operating system allocates audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.
Determine to which partition the audit records are being written with the following command:
> sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Check the size of the partition that audit records are written to (with the example being /var/log/audit/) with the following command:
> df -h /var/log/audit/
/dev/sda2 24G 10.4G 13.6G 43% /var
If the audit records are not written to a partition made specifically for audit records (/var/log/audit is a separate partition), determine the amount of space being used by other files in the partition with the following command:
> sudo du -sh [audit_partition]
1.8G /var/log/audit
The partition size needed to capture a week of audit records is based on the activity level of the system and the total storage capacity available. In normal circumstances, 10.0 GB of storage space for audit records will be sufficient.
If the audit record partition is not allocated sufficient storage capacity, this is a finding.
V-234965
False
SLES-15-030660
Verify the SUSE operating system allocates audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.
Determine to which partition the audit records are being written with the following command:
> sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Check the size of the partition that audit records are written to (with the example being /var/log/audit/) with the following command:
> df -h /var/log/audit/
/dev/sda2 24G 10.4G 13.6G 43% /var
If the audit records are not written to a partition made specifically for audit records (/var/log/audit is a separate partition), determine the amount of space being used by other files in the partition with the following command:
> sudo du -sh [audit_partition]
1.8G /var/log/audit
The partition size needed to capture a week of audit records is based on the activity level of the system and the total storage capacity available. In normal circumstances, 10.0 GB of storage space for audit records will be sufficient.
If the audit record partition is not allocated sufficient storage capacity, this is a finding.
M
5274