STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must use a separate file system for the system audit data path.

DISA Rule

SV-219541r603263_rule

Vulnerability Number

V-219541

Group Title

SRG-OS-000480

Rule Version

OL6-00-000004

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Audit logs are stored in the "/var/log/audit" directory. Ensure that it has its own partition or logical volume at installation time, or migrate it later using LVM. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.

Check Contents

Run the following command to determine if "/var/log/audit" is on its own partition or logical volume:

$ mount | grep "on /var/log/audit "

If "/var/log/audit" has its own partition or volume group, a line will be returned.
If no line is returned, this is a finding.

Vulnerability Number

V-219541

Documentable

False

Rule Version

OL6-00-000004

Severity Override Guidance

Run the following command to determine if "/var/log/audit" is on its own partition or logical volume:

$ mount | grep "on /var/log/audit "

If "/var/log/audit" has its own partition or volume group, a line will be returned.
If no line is returned, this is a finding.

Check Content Reference

M

Target Key

2928

Comments