The operating system must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-203700 | SRG-OS-000341-GPOS-00132 | SV-203700r877391_rule | Low |
| Description |
|---|
| In order to ensure operating systems have a sufficient storage capacity in which to write the audit logs, operating systems need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of the operating system. |
| STIG | Date |
|---|---|
| General Purpose Operating System Security Requirements Guide | 2022-11-21 |
Details
| Check Text ( C-3825r375047_chk ) |
|---|
| Verify the operating system allocates audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. If it does not, this is a finding. |
| Fix Text (F-3825r375048_fix) |
|---|
| Configure the operating system to allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. |