STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must be configured to generate an audit record when 75% of the audit file system is full.

DISA Rule

SV-215241r508663_rule

Vulnerability Number

V-215241

Group Title

SRG-OS-000046-GPOS-00022

Rule Version

AIX7-00-002008

Severity

CAT II

CCI(s)

CCI-000139 - The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.

Weight

Fix Recommendation

Ensure the "/etc/security/audit/config" file contains the following line:
freepsace = <value>
where <value> is greater than 25%* filesystem capacity

Reset the audit system with the following command:
# /usr/sbin/audit shutdown

Start the audit system with the following command:
# /usr/sbin/audit start

Check Contents

Check if "freespace" is configured for the audit subsystem:

# grep -E freespace* /etc/security/audit/config
freespace = 65536

If the above command returns empty, or if the value is less than 25% of the filesystem size, this is a finding.

Vulnerability Number

V-215241

Documentable

False

Rule Version

AIX7-00-002008

Severity Override Guidance

Check Content Reference

Target Key

4012

AIX must be configured to generate an audit record when 75% of the audit file system is full.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments