Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
System Settings
System Accounting with auditd
Configure auditd Data Retention
Configure auditd Max Log File Size
Configure auditd Max Log File Size
An XCCDF Rule
Details
Profiles
Prose
Configure auditd Max Log File Size
Medium Severity
Determine the amount of audit data (in megabytes) which should be retained in each log file. Edit the file
/etc/audit/auditd.conf
. Add or modify the following line, substituting the correct value of
for
STOREMB
:
max_log_file =
STOREMB
Set the value to
6
(MB) or higher for general-purpose systems. Larger values, of course, support retention of even more audit data.