UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Audit logs must be rotated daily.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4357 GEN002860 SV-37945r1_rule ECSC-1 Medium
Description
Rotate audit logs daily to preserve audit file system space and to conform to the DoD/DISA requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2013-07-03

Details

Check Text ( C-37230r1_chk )
Check for any crontab entries that rotate audit logs.
Procedure:
# crontab -l
If such a cron job is found, this is not a finding.

Otherwise, query the SA. If there is a process automatically rotating audit logs, this is not a finding. If the SA manually rotates audit logs, this is a finding, because if the SA is not there, it will not be accomplished. If the audit output is not archived daily, to tape or disk, this is a finding. This can be ascertained by looking at the audit log directory and, if more than one file is there, or if the file does not have today's date, this is a finding.

Fix Text (F-32436r1_fix)
Configure a cron job or other automated process to rotate the audit logs on a daily basis.