UCF STIG Viewer Logo

SLES for vRealize audit logs must be rotated daily.


Overview

Finding ID Version Rule ID IA Controls Severity
V-240538 VRAU-SL-001470 SV-240538r671355_rule Medium
Description
Rotate audit logs daily to preserve audit file system space and to conform to the DISA requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.
STIG Date
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide 2021-06-24

Details

Check Text ( C-43771r671353_chk )
Check for a "logrotate" entry that rotates audit logs.

# ls -l /etc/logrotate.d/audit

If it exists, check for the presence of the "daily" rotate flag:

# egrep "daily" /etc/logrotate.d/audit

The command should produce a "daily" entry in the logrotate file for the audit daemon.

If the "daily" entry is missing, this is a finding.
Fix Text (F-43730r671354_fix)
Create or edit the /etc/logrotate.d/audit file and add the "daily" entry, such as:

/var/log/audit/audit.log {
compress
dateext
rotate 15
daily
missingok
notifempty
create 600 root root
sharedscripts
postrotate
/sbin/service auditd restart 2> /dev/null > /dev/null || true
endscript
}