STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Photon operating system audit log must attempt to log audit failures to syslog.

DISA Rule

SV-239086r675066_rule

Vulnerability Number

V-239086

Group Title

SRG-OS-000047-GPOS-00023

Rule Version

PHTN-67-000014

Severity

CAT II

CCI(s)

• CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

10

Fix Recommendation

Open /etc/audit/auditd.conf with a text editor.

Ensure that the following lines are present, not duplicated, and not commented:

disk_full_action = SYSLOG
disk_error_action = SYSLOG
admin_space_left_action = SYSLOG

At the command line, execute the following command:

# service auditd reload

Check Contents

At the command line, execute the following commands:

# grep -E "^disk_full_action|^disk_error_action|^admin_space_left_action" /etc/audit/auditd.conf

If any of the above parameters are not set to SYSLOG or are missing, this is a finding.

Vulnerability Number

V-239086

Documentable

False

Rule Version

PHTN-67-000014

Severity Override Guidance

At the command line, execute the following commands:

# grep -E "^disk_full_action|^disk_error_action|^admin_space_left_action" /etc/audit/auditd.conf

If any of the above parameters are not set to SYSLOG or are missing, this is a finding.

Check Content Reference

M

Target Key

5323

Comments