Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-208878 | OL6-00-000159 | SV-208878r603263_rule | | Medium |
Description |
---|
The total storage for audit log files must be large enough to retain log information over the period required. This is a function of the maximum log file size and the number of logs retained. |
STIG | Date |
---|---|
Oracle Linux 6 Security Technical Implementation Guide | 2021-06-14 |
Check Text (C-9131r357614_chk) |
---|
Inspect "/etc/audit/auditd.conf" and locate the following line to determine how many logs the system is configured to retain after rotation: "# grep num_logs /etc/audit/auditd.conf". Output: "num_logs = 5". If the overall system log file(s) retention hasn't been properly set up, this is a finding. |
Fix Text (F-9131r357615_fix) |
---|
Determine how many log files "auditd" should retain when it rotates logs. Edit the file "/etc/audit/auditd.conf". Add or modify the following line, substituting [NUMLOGS] with the correct value: "num_logs = [NUMLOGS]". Set the value to 5 for general-purpose systems. Note that values less than 2 result in no log rotation. |
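
The check above can be scripted. The following is an added example, not part of the STIG text: it reads "num_logs" while ignoring commented-out lines, flags values below 2 or below the required count, and computes total retention as max_log_file (auditd's per-file size limit in megabytes) times num_logs. The function names, the rule that fewer logs than required is a finding, and the sample configuration are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the STIG): script the num_logs check described above.

# conf_value FILE KEY: print the last uncommented value of KEY.
# auditd.conf keywords are case-insensitive, so compare in lower case.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { k = $1; v = $2
          gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
          if (tolower(k) == tolower(key)) val = v }
        END { if (val != "") print val }' "$1"
}

# check_num_logs FILE [REQUIRED]: returns 0 if not a finding, 1 if a finding.
# REQUIRED defaults to 5, the value the page gives for general-purpose systems.
check_num_logs() {
    required=${2:-5}
    [ -r "$1" ] || { echo "FINDING: cannot read $1"; return 1; }
    n=$(conf_value "$1" num_logs)
    case $n in
        ''|*[!0-9]*) echo "FINDING: num_logs missing or not numeric"; return 1 ;;
    esac
    if [ "$n" -lt 2 ]; then
        echo "FINDING: num_logs = $n, so logs are not rotated"; return 1
    elif [ "$n" -lt "$required" ]; then   # assumption: fewer than required is a finding
        echo "FINDING: num_logs = $n, required $required"; return 1
    fi
    echo "OK: num_logs = $n"
}

# retention_mb FILE: total audit log storage in MB = max_log_file * num_logs.
retention_mb() {
    m=$(conf_value "$1" max_log_file)
    n=$(conf_value "$1" num_logs)
    case $m in ''|*[!0-9]*) return 1 ;; esac
    case $n in ''|*[!0-9]*) return 1 ;; esac
    echo $((m * n))
}

# Constructed sample configuration (not taken from a real system).
sample=$(mktemp)
printf '%s\n' '# num_logs = 1' 'max_log_file = 6' 'num_logs = 5' > "$sample"
check_num_logs "$sample" || true
echo "total retention: $(retention_mb "$sample") MB"
rm -f "$sample"
```

On a live system, call `check_num_logs /etc/audit/auditd.conf` with the site's required log count as the optional second argument.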