STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Photon operating system audit log must log space limit problems to syslog.

DISA Rule

SV-239085r675063_rule

Vulnerability Number

V-239085

Group Title

SRG-OS-000046-GPOS-00022

Rule Version

PHTN-67-000013

Severity

CAT II

CCI(s)

CCI-000139 - The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.
CCI-001858 - The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Weight

Fix Recommendation

Open /etc/audit/auditd.conf with a text editor.

Ensure that the "space_left_action" line is uncommented and set to the following:

space_left_action = SYSLOG

At the command line, execute the following command:

# service auditd reload

Check Contents

At the command line, execute the following command:

# grep "^space_left_action" /etc/audit/auditd.conf

Expected result:

space_left_action = SYSLOG

If the output does not match the expected result, this is a finding.

Vulnerability Number

V-239085

Documentable

False

Rule Version

PHTN-67-000013

Severity Override Guidance

Check Content Reference

Target Key

5323

The Photon operating system audit log must log space limit problems to syslog.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments