UCF STIG Viewer Logo

The Photon operating system must configure auditd to log space limit problems to syslog.


Finding ID Version Rule ID IA Controls Severity
V-239131 PHTN-67-000060 SV-239131r675201_rule Medium
If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for audit record storage capacity expansion.
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17


Check Text ( C-42342r675199_chk )
At the command line, execute the following command:

# grep "^space_left " /etc/audit/auditd.conf

Expected result:

space_left = 75

If the output does not match the expected result, this is a finding.
Fix Text (F-42301r675200_fix)
Open /etc/audit/auditd.conf with a text editor.

Ensure that the "space_left" line is uncommented and set to the following:

space_left = 75

At the command line, execute the following command:

# service auditd reload