UCF STIG Viewer Logo

The system must use a separate file system for the system audit data path.


Overview

Finding ID Version Rule ID IA Controls Severity
V-217849 RHEL-06-000004 SV-217849r505923_rule Low
Description
Placing "/var/log/audit" in its own partition enables better separation between audit files and other files, and helps ensure that auditing cannot be halted due to the partition running out of space.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03

Details

Check Text ( C-19330r376562_chk )
Run the following command to determine if "/var/log/audit" is on its own partition or logical volume:

$ mount | grep "on /var/log/audit "

If "/var/log/audit" has its own partition or volume group, a line will be returned.
If no line is returned, this is a finding.
Fix Text (F-19328r376563_fix)
Audit logs are stored in the "/var/log/audit" directory. Ensure that it has its own partition or logical volume at installation time, or migrate it later using LVM. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.