UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use a separate file system for the system audit data path.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38467 RHEL-06-000004 SV-50267r1_rule Low
Description
Placing "/var/log/audit" in its own partition enables better separation between audit files and other files, and helps ensure that auditing cannot be halted due to the partition running out of space.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2016-06-05

Details

Check Text ( C-46022r1_chk )
Run the following command to determine if "/var/log/audit" is on its own partition or logical volume:

$ mount | grep "on /var/log/audit "

If "/var/log/audit" has its own partition or volume group, a line will be returned.
If no line is returned, this is a finding.
Fix Text (F-43412r1_fix)
Audit logs are stored in the "/var/log/audit" directory. Ensure that it has its own partition or logical volume at installation time, or migrate it later using LVM. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.