The audit system must alert the SA when the audit storage volume approaches its capacity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22375	GEN002730	SV-29653r1_rule	ECSC-1	Medium

Description
An accurate and current audit trail is essential for maintaining a record of system activity. If the system fails, the SA must be notified and must take prompt action to correct the problem. Minimally, the system must log this event and the SA will receive this notification during the daily system log review. If feasible, active alerting (such as e-mail or paging) should be employed consistent with the site’s established operations management systems and procedures.

Description

An accurate and current audit trail is essential for maintaining a record of system activity. If the system fails, the SA must be notified and must take prompt action to correct the problem. Minimally, the system must log this event and the SA will receive this notification during the daily system log review. If feasible, active alerting (such as e-mail or paging) should be employed consistent with the site’s established operations management systems and procedures.

STIG	Date
HP-UX 11.23 Security Technical Implementation Guide	2013-11-04

Details

Check Text ( None )
None

Fix Text (F-31780r1_fix)
Edit the AUDOMON_ARGS parameter of the /etc/rc.config.d/auditing file to include -w 90.