Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
SLEM 5 auditd service must notify the system administrator (SA) and information system security officer (ISSO) immediately when audit storage capacity is 75 percent full.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-261414 | SLEM-05-653030 | SV-261414r996654_rule | Medium |
| Description |
|---|
| If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide | 2024-06-04 |
Details
| Check Text ( C-65143r996653_chk ) |
|---|
| Determine if SLEM 5 auditd is configured to notify the SA and ISSO when the audit record storage volume reaches 75 percent of the storage capacity with the following command: > sudo grep -iw space_left /etc/audit/auditd.conf space_left = 25% If "space_left" is not set to "25%" or greater, this is a finding. |
| Fix Text (F-65051r996108_fix) |
|---|
| Configure SLEM 5 auditd service to notify the SA and ISSO immediately when audit storage capacity is 75 percent full. Add or modify the following lines in the "/etc/audit/auditd.conf " file: space_left = 25% |