NixOS must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.

An XCCDF Rule

Description

If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.

ID: SV-268103r1039197_rule
Version: ANIX-00-000420
Severity: Medium
References: CCI-000139
Updated: about 2 months ago

Remediation Templates

Configure the operating system to initiate an action to notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage.

Add or update the 'environment.etc."audit/auditd.conf".text' configuration in /etc/nixos/configuration.nix to include the following:

 environment.etc."audit/auditd.conf".text = [
  ''   space_left = 25%
  ''
 ];

Rebuild the NixOS configuration with the following command:

$ sudo nixos-rebuild switch

NixOS must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.

Description

Remediation Templates

A Manual Procedure