
SLEM 5 auditd service must notify the system administrator (SA) and information system security officer (ISSO) immediately when audit storage capacity is 75 percent full.

An XCCDF Rule

Description

If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.

ID: SV-261414r996654_rule
Severity: Medium



Remediation - Manual Procedure

Configure SLEM 5 auditd service to notify the SA and ISSO immediately when audit storage capacity is 75 percent full.

Add or modify the following lines in the "/etc/audit/auditd.conf" file:

space_left = 25%
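
To confirm the setting after editing the file, the following added example (not part of the STIG text) reads an auditd.conf and reports whether the effective space_left value is a percentage of at least 25. It assumes that the last uncommented space_left line is the one that takes effect and that a value above 25% (an earlier warning) also satisfies the rule; the function name check_space_left is hypothetical.

```shell
#!/bin/sh
# Added example: verify the space_left setting from the remediation above.
# Returns 0 when space_left is a percentage >= 25, 1 when it is missing,
# not a percentage, or too low, and 2 when the file cannot be read.
check_space_left() {
    conf="${1:-/etc/audit/auditd.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Keep only uncommented "space_left = value" lines. The anchored pattern
    # does not match space_left_action or admin_space_left.
    # Assumption: when the keyword is repeated, the last line wins.
    value=$(grep -iE '^[[:space:]]*space_left[[:space:]]*=' "$conf" \
        | tail -n 1 \
        | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')

    case "$value" in
        '')  echo "space_left is not set"; return 1 ;;
        *%)  pct=${value%\%} ;;
        *)   echo "space_left = $value is not a percentage"; return 1 ;;
    esac

    # Reject anything that is not a plain non-negative integer before the %.
    case "$pct" in
        ''|*[!0-9]*) echo "space_left = $value is not a valid percentage"; return 1 ;;
    esac

    if [ "$pct" -ge 25 ]; then
        echo "space_left = $value (ok)"
        return 0
    fi
    echo "space_left = $value is below 25%"
    return 1
}

# Constructed sample file, used only to demonstrate the function offline.
sample=$(mktemp)
printf 'admin_space_left = 50\nspace_left = 25%%\nspace_left_action = email\n' > "$sample"
check_space_left "$sample"
rm -f "$sample"
```

On a live system, call `check_space_left` with no argument to test /etc/audit/auditd.conf; a non-zero return means the file still needs the change above.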