UCF STIG Viewer Logo

The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-238321 UBTU-20-010300 SV-238321r654138_rule Low
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
STIG Date
Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide 2021-03-23

Details

Check Text ( C-41531r654136_chk )
Note: If this is an interconnected system, this is Not Applicable.

Verify there is a script that offloads audit data and that script runs weekly.

Check if there is a script in the "/etc/cron.weekly" directory that offloads audit data:

# sudo ls /etc/cron.weekly

audit-offload

Check if the script inside the file does offloading of audit logs to external media.

If the script file does not exist or does not offload audit logs, this is a finding.
Fix Text (F-41490r654137_fix)
Create a script that offloads audit logs to external media and runs weekly.

The script must be located in the "/etc/cron.weekly" directory.