
The system must use a separate file system for the system audit data path.


Overview

Finding ID: V-23738
Version: GEN003623
Rule ID: SV-35054r1_rule
IA Controls: ECSC-1
Severity: Low
Description
The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
STIG: HP-UX 11.31 Security Technical Implementation Guide
Date: 2017-01-27

Details

Check Text ( None )
None
Fix Text (F-30229r2_fix)
Migrate the audit log path onto a separate filesystem. The following assumes that /var exists and that the new audit log mount point will be /var/.audit.

Verify whether auditing is running:
# ps -ef | grep audomon | grep -v grep

If auditing is running, issue the stop command:
# /sbin/init.d/auditing stop

Use SAM/SMH to:
- Create a new Logical Volume (size to be determined based on local site requirements).
- Create a VxFS file system on the new logical volume, paying special attention to site requirements such as Access Permissions, Allocation Policies, Mirroring considerations, large/no-large files and mount options such as suid/nosuid and ro/rw.

Verify the /var/.audit entry in /etc/fstab:
# more /etc/fstab

Verify the current mounts:
# mount

Mount /var/.audit if not yet mounted:
# mount -a

Re-start the auditing subsystem:
# /sbin/init.d/auditing start

Verify that auditing is now running:
# ps -ef | grep audomon | grep -v grep
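
This finding lists no check text, so the following added example (not part of the STIG) tests fstab-format input for a dedicated VxFS entry at /var/.audit, as the fix text describes. The function names, the sample device names and the rule that the device must not appear in any other entry are assumptions made for this example.

```sh
#!/bin/sh
# Added example: confirm the audit log path has its own VxFS file system.
# Input is read from stdin in /etc/fstab layout:
#   device  mount-point  type  options  backup-frequency  pass

# Constructed sample; the volume names are hypothetical.
sample_fstab() {
cat <<'EOF'
# constructed sample, not taken from a real host
/dev/vg00/lvol3 / vxfs delaylog 0 1
/dev/vg00/lvol8 /var vxfs delaylog 0 2
/dev/vg01/lvaudit /var/.audit vxfs delaylog,nosuid 0 2
EOF
}

# check_audit_fs [MOUNTPOINT]  (default /var/.audit)
# Returns 0 and prints PASS when MOUNTPOINT has its own entry, on a device
# that no other entry uses, with type vxfs. Otherwise prints FAIL, returns 1.
check_audit_fs() {
    awk -v mp="${1:-/var/.audit}" '
        /^[ \t]*#/ || NF < 3 { next }      # skip comments and short lines
        { uses[$1]++ }                     # count entries per device
        $2 == mp { dev = $1; type = $3; opts = (NF >= 4 ? $4 : "none") }
        END {
            if (dev == "") {
                print "FAIL: no fstab entry for " mp; exit 1
            }
            if (uses[dev] > 1) {
                print "FAIL: " dev " is shared by " uses[dev] " entries"; exit 1
            }
            if (type != "vxfs") {
                print "FAIL: " mp " is " type ", expected vxfs"; exit 1
            }
            print "PASS: " mp " on " dev " (" type ", options " opts ")"
        }'
}

# Demonstration on the constructed sample.
sample_fstab | check_audit_fs
```

On the host itself, run `check_audit_fs < /etc/fstab` to check the configured entry. Review the reported mount options against site requirements, since the function prints them but does not judge them.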