Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-219154 | UBTU-18-010008 | SV-219154r853362_rule | Low |
Description |
---|
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
STIG | Date |
---|---|
Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide | 2023-09-08 |
Check Text ( C-20879r304790_chk ) |
---|
Verify there is a script which off-loads audit data and if that script runs weekly. Check if there is a script in the /etc/cron.weekly directory which off-loads audit data: # sudo ls /etc/cron.weekly audit-offload Check if the script inside the file does offloading of audit logs to an external media. If the script file does not exist or if the script file doesn't offload audit logs, this is a finding. |
Fix Text (F-20878r304791_fix) |
---|
Create a script which off-loads audit logs to external media and runs weekly. Script must be located into the /etc/cron.weekly directory. |