The audit system must alert the SA when the audit storage volume approaches its capacity.

An XCCDF Rule

Description

<VulnDiscussion>Filling the audit storage area can result in a denial of service or system outage and can lead to events going undetected.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219965r971542_rule
Severity: Medium
References: CCI-001855
Updated: 18 days ago

The root role is required. 

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename
If the command output is "global", this action applies.

Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# pfedit /etc/mail/aliases

Insert a line in the form:
audit_warn:user1,user2

Put the updated aliases file into service.
# newaliases

The audit system must alert the SA when the audit storage volume approaches its capacity.

Description

Remediation - Manual Procedure