Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-219956 | AIX7-00-002017 | SV-219956r508663_rule | Medium |
| Description |
|---|
| Taking appropriate action in case of a filled audit storage volume will minimize the possibility of losing audit records. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2021-06-16 |
Details
| Check Text ( C-21667r364827_chk ) |
|---|
| Verify the action the operating system takes if the disk the audit records are written to becomes full. Verify that the file "/etc/security/audit/config" includes the required settings with the following command: # cat /etc/security/audit/config bin: trail = /audit/trail bin1 = /audit/bin1 bin2 = /audit/bin2 binsize = 25000 cmds = /etc/security/audit/bincmds freespace = 65536 backuppath = /audit backupsize = 0 bincompact = off If any of the configurations listed above is missing or not set to the listed value or greater, this is a finding. |
| Fix Text (F-21666r364828_fix) |
|---|
| Edit the /etc/security/audit/config file and add/modify the following values: Note: The values for "binsize" and "freespace" are the minimum required values. These values can be increased to meet organizationally defined values that exceed the listed values. bin: trail = /audit/trail bin1 = /audit/bin1 bin2 = /audit/bin2 binsize = 25000 cmds = /etc/security/audit/bincmds freespace = 65536 backuppath = /audit backupsize = 0 bincompact = off Restart the audit process: # /usr/sbin/audit shutdown # /usr/sbin/audit start |