SLEM 5 auditd service must notify the system administrator (SA) and information system security officer (ISSO) immediately when audit storage capacity is 75 percent full.

An XCCDF Rule

Details
Profiles

Description

If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.

ID: SV-261414r996654_rule
Version: SLEM-05-653030
Severity: Medium
References: CCI-001855
Updated: 5 days ago

Remediation Templates

Configure SLEM 5 auditd service to notify the SA and ISSO immediately when audit storage capacity is 75 percent full.

Add or modify the following lines in the "/etc/audit/auditd.conf " file: 

space_left = 25%

SLEM 5 auditd service must notify the system administrator (SA) and information system security officer (ISSO) immediately when audit storage capacity is 75 percent full.

Description

Remediation Templates

A Manual Procedure