STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility.

DISA Rule

SV-215253r508663_rule

Vulnerability Number

V-215253

Group Title

SRG-OS-000341-GPOS-00132

Rule Version

AIX7-00-002033

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Increase the size of the file system hosting the audit logs (by 1GB).
# chfs -a size=+1G <root of file system for audit logs>

Check Contents

Check the file system size where the log file resides is greater than the organizationally defined size of audit logs for one week (1GB).

Find out where the audit log resides:
# grep trail /etc/security/audit/config
trail = /audit/trail

Find out the available space in the file system hosting the audit logs.

# df /audit/trail
Filesystem 512-blocks Free %Used Iused %Iused Mounted on
/dev/hd4 1966080 1792872 9% 3913 2% /

If the "512-blocks" multiplied by "Free" is less than the required size for the audit logs, this is a finding.

Vulnerability Number

V-215253

Documentable

False

Rule Version

AIX7-00-002033

Severity Override Guidance

Check the file system size where the log file resides is greater than the organizationally defined size of audit logs for one week (1GB).

Find out where the audit log resides:
# grep trail /etc/security/audit/config
trail = /audit/trail

Find out the available space in the file system hosting the audit logs.

# df /audit/trail
Filesystem 512-blocks Free %Used Iused %Iused Mounted on
/dev/hd4 1966080 1792872 9% 3913 2% /

If the "512-blocks" multiplied by "Free" is less than the required size for the audit logs, this is a finding.

Check Content Reference

M

Target Key

4012

Comments