STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide, Version: 1, Release: 24, Benchmark Date: 25 Oct 2019

The audit system must take appropriate action when there are disk errors on the audit storage volume.

DISA Rule

SV-50264r1_rule

Vulnerability Number

V-38464

Group Title

SRG-OS-000047

Rule Version

RHEL-06-000511

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the file "/etc/audit/auditd.conf". Modify the following line, substituting [ACTION] appropriately:

disk_error_action = [ACTION]

Possible values for [ACTION] are described in the "auditd.conf" man page. These include:

"ignore"
"syslog"
"exec"
"suspend"
"single"
"halt"


Set this to "syslog", "exec", "single", or "halt".

Check Contents

Inspect "/etc/audit/auditd.conf" and locate the following line to determine if the system is configured to take appropriate action when disk errors occur:

# grep disk_error_action /etc/audit/auditd.conf
disk_error_action = [ACTION]


If the system is configured to "suspend" when disk errors occur or "ignore" them, this is a finding.
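
The grep above also matches commented-out lines and does not itself decide pass or fail. The following is an added example, not part of the STIG text: a shell function (the name check_disk_error_action and the sample file are constructed for illustration) that applies the finding criteria to the effective setting. It assumes auditd reads keywords and values case-insensitively and that the last uncommented assignment wins; a missing setting is reported as a finding because nothing is explicitly configured.

```shell
#!/bin/sh
# Added example, not part of the STIG. check_disk_error_action is a
# hypothetical helper; pass an alternate config path as $1 for testing.
# Returns 0 = not a finding, 1 = finding, 2 = config unreadable.
check_disk_error_action() {
    conf="${1:-/etc/audit/auditd.conf}"
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # Take the last uncommented assignment (assumption: later lines
    # override earlier ones). Lower-case the value and keep only its
    # first word, since "exec" is followed by a script path.
    action=$(awk -F= '
        /^[ \t]*#/ { next }
        tolower($1) ~ /^[ \t]*disk_error_action[ \t]*$/ {
            v = tolower($2)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            split(v, w, /[ \t]+/)
            a = w[1]
        }
        END { print a }' "$conf")

    case "$action" in
        syslog|exec|single|halt)
            echo "PASS: disk_error_action = $action"; return 0 ;;
        ignore|suspend)
            echo "FINDING: disk_error_action = $action"; return 1 ;;
        "")
            echo "FINDING: disk_error_action is not set in $conf"; return 1 ;;
        *)
            echo "FINDING: unrecognized disk_error_action value '$action'"; return 1 ;;
    esac
}

# Constructed sample: the commented-out "halt" line is ignored and the
# mixed-case SUSPEND line is the effective setting, so this is a finding.
sample=$(mktemp)
printf '%s\n' '# disk_error_action = halt' 'Disk_Error_Action = SUSPEND' > "$sample"
check_disk_error_action "$sample" || true
rm -f "$sample"
```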

Documentable

False

Check Content Reference

M

Target Key

2367
