SLEM 5 must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.

An XCCDF Rule

Description

To ensure SLEM 5 has a sufficient storage capacity in which to write the audit logs, SLEM 5 must be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of SLEM 5.

ID: SV-261413r996652_rule
Version: SLEM-05-653025
Severity: Medium
References: CCI-001849
Updated: 5 days ago

Remediation Templates

Allocate enough storage capacity for at least one week of SLEM 5 audit records when audit records are not immediately sent to a central audit record storage facility.

If audit records are stored on a partition made specifically for audit records, use the "YaST2 - Partitioner" program (installation and configuration tool for Linux) to resize the partition with sufficient space to contain one week of audit records.

If audit records are not stored on a partition made specifically for audit records, a new partition with sufficient amount of space will need be to be created. The new partition can be created using the "YaST2 - Partitioner" program on the system.

SLEM 5 must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.

Description

Remediation Templates

A Manual Procedure