Ensure /var/log/audit Located On Separate Partition

An XCCDF Rule

Description

Audit logs are stored in the /var/log/audit directory. Ensure that /var/log/audit has its own partition or logical volume at installation time, or migrate it using LVM. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.

Rationale

Placing /var/log/audit in its own partition enables better separation between audit files and other files, and helps ensure that auditing cannot be halted due to the partition running out of space.

ID: xccdf_org.ssgproject.content_rule_partition_for_var_log_audit
Severity: Low
References: 1 12 13 14 15 16 2 3 5 6 8

APO11.04 APO13.01 BAI03.05 BAI04.04 DSS05.02 DSS05.04 DSS05.07 MEA02.01

CCI-000366 CCI-001849

164.312(a)(2)(ii)

4.3.3.3.9 4.3.3.5.8 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 2.10 SR 2.11 SR 2.12 SR 2.8 SR 2.9 SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.2 SR 7.6

A.12.1.3 A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.7.1 A.13.1.1 A.13.2.1 A.14.1.3 A.17.2.1

CIP-007-3 R6.5

AU-4 CM-6(a) SC-5(2)

PR.DS-4 PR.PT-1 PR.PT-4

FMT_SMF_EXT.1

SRG-OS-000341-GPOS-00132 SRG-OS-000480-GPOS-00227

SRG-APP-000357-CTR-000800

R71

SLEM-05-231020

SV-261280r996324_rule

CCE-93787-0
Updated: about 1 month ago