STIGQter STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must shut down by default upon audit failure (unless availability is an overriding concern).

DISA Rule

SV-238244r653907_rule

Vulnerability Number

V-238244

Group Title

SRG-OS-000047-GPOS-00023

Rule Version

UBTU-20-010118

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to shut down by default upon audit failure (unless availability is an overriding concern).

Add or update the following line (depending on configuration, "disk_full_action" can be set to "SYSLOG", "HALT" or "SINGLE") in "/etc/audit/auditd.conf" file:

disk_full_action = HALT

Restart the "auditd" service so the changes take effect:

$ sudo systemctl restart auditd.service

Check Contents

Verify the Ubuntu operating system takes the appropriate action when the audit storage volume is full with the following command:

$ sudo grep '^disk_full_action' /etc/audit/auditd.conf

disk_full_action = HALT

If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.

Vulnerability Number

V-238244

Documentable

False

Rule Version

UBTU-20-010118

Severity Override Guidance

Verify the Ubuntu operating system takes the appropriate action when the audit storage volume is full with the following command:

$ sudo grep '^disk_full_action' /etc/audit/auditd.conf

disk_full_action = HALT

If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.

Check Content Reference

M

Target Key

5318

Comments