Skip to content

RHEL 9 audit system must take appropriate action when the audit files have reached maximum size.

An XCCDF Rule

Description

<VulnDiscussion>It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-258160r958426_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure RHEL 9 to rotate the audit log when it reaches maximum size.

Add or update the following line in "/etc/audit/auditd.conf" file:

max_log_file_action = ROTATE