
The designer will ensure the application has a capability to notify an administrator when audit logs are nearing capacity as specified in the system documentation.


Overview

Finding ID: V-6139
Version: APP3650
Rule ID: SV-6139r1_rule
IA Controls: ECAT-2
Severity: Low
Description
If an application audit log reaches capacity without warning, it will stop logging important system and security events. It could also expose the system to a type of denial-of-service attack if the application halts with a full log.
STIG: Application Security and Development Checklist
Date: 2014-12-22

Details

Check Text (C-2952r1_chk)
Examine the application documentation and ask the application representative what automated mechanism is in place to ensure the administrator is notified when the application logs are near capacity.

1) If an automated mechanism is not in place to warn the administrator, it is a finding.

If the application representative or the documentation indicates a mechanism is in place, examine the configuration of the mechanism to ensure the process is present and executing.

2) If an automated mechanism is not executing, it is a finding.

Note: This may be automated by the operating system of the application servers.
Fix Text (F-17116r1_fix)
Implement a warning mechanism to notify system administrators when the audit records are near full.
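
One way to implement such a warning mechanism, shown as an added example that is not part of the STIG: a scheduled check that notifies when the audit log directory passes a threshold and records a heartbeat so a reviewer can confirm the mechanism is executing. The function names, the heartbeat file, the 1000-byte capacity and the 75% threshold are assumptions; the real capacity and threshold come from the system documentation.

```python
import logging
import os
import tempfile
import time

# Assumption: in production a SysLogHandler or SMTPHandler is attached here
# so that warnings actually reach the administrator.
log = logging.getLogger("audit-capacity")

def audit_log_bytes(log_dir):
    """Sum the sizes of the files under log_dir (symlinks are not followed)."""
    total = 0
    for root, _dirs, files in os.walk(log_dir):
        for name in files:
            try:
                total += os.lstat(os.path.join(root, name)).st_size
            except FileNotFoundError:
                pass  # file was rotated away between listing and stat
    return total

def check_capacity(log_dir, capacity_bytes, warn_pct, heartbeat, notify=log.warning):
    """Run one check; return 'OK', 'WARN' or 'ERROR' and notify unless OK."""
    with open(heartbeat, "w") as fh:  # evidence that the check is executing
        fh.write(str(int(time.time())))
    if not os.path.isdir(log_dir):
        # A monitor that cannot see the logs must alert, not pass silently.
        notify(f"audit log directory {log_dir} is missing or unreadable")
        return "ERROR"
    pct = audit_log_bytes(log_dir) * 100 // capacity_bytes
    if pct >= warn_pct:
        notify(f"audit logs in {log_dir} at {pct}% of capacity (threshold {warn_pct}%)")
        return "WARN"
    return "OK"

def heartbeat_is_fresh(heartbeat, max_age_s, now=None):
    """True if the last check ran within max_age_s seconds."""
    try:
        with open(heartbeat) as fh:
            last = int(fh.read().strip())
    except (OSError, ValueError):
        return False
    return (time.time() if now is None else now) - last <= max_age_s

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    with tempfile.TemporaryDirectory() as d:  # constructed sample data
        logs = os.path.join(d, "audit")
        os.mkdir(logs)
        with open(os.path.join(logs, "audit.log"), "wb") as fh:
            fh.write(b"x" * 800)  # 800 of 1000 bytes used
        hb = os.path.join(d, "heartbeat")
        print(check_capacity(logs, 1000, 75, hb), heartbeat_is_fresh(hb, 300))
```

Run from a scheduler, the return value gives the job an exit status to act on, and a stale heartbeat shows that the mechanism has stopped executing.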