UCF STIG Viewer Logo

The Photon operating system audit log must log space limit problems to syslog.


Finding ID Version Rule ID IA Controls Severity
V-239085 PHTN-67-000013 SV-239085r675063_rule Medium
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected. Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000344-GPOS-00135
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17


Check Text ( C-42296r675061_chk )
At the command line, execute the following command:

# grep "^space_left_action" /etc/audit/auditd.conf

Expected result:

space_left_action = SYSLOG

If the output does not match the expected result, this is a finding.
Fix Text (F-42255r675062_fix)
Open /etc/audit/auditd.conf with a text editor.

Ensure that the "space_left_action" line is uncommented and set to the following:

space_left_action = SYSLOG

At the command line, execute the following command:

# service auditd reload