The system must use a separate file system for the system audit data path.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-23738 | GEN003623 | SV-38872r1_rule | ECSC-1 | Low |
| Description |
|---|
| The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing. |
| STIG | Date |
|---|---|
| AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2014-10-03 |
Details
| Check Text ( C-37872r1_chk ) |
|---|
| Determine the location of the audit data path. #more /etc/security/audit/config Make note of the binfile and trail location. (The best practice is to have the audit data and trails sent to /audit.) # cd < audit path > #df -k . If the system audit data path is not on a separate file system, this is a finding. |
| Fix Text (F-33125r1_fix) |
|---|
| Migrate the system audit data path onto a separate file system. Update the /etc/security/audit/config file as necessary to reflect the location of the audit data. |