RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records.
An XCCDF Rule
Description
<VulnDiscussion>To ensure RHEL 9 systems have a sufficient storage capacity in which to write the audit logs, RHEL 9 needs to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of RHEL 9. Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258155r926452_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Allocate enough storage capacity for at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.
If audit records are stored on a partition made specifically for audit records, resize the partition with sufficient space to contain one week of audit records.
If audit records are not stored on a partition made specifically for audit records, a new partition with sufficient space will need be to be created.