RHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility.

An XCCDF Rule

Description

To ensure RHEL 8 systems have a sufficient storage capacity in which to write the audit logs, RHEL 8 needs to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of RHEL 8.

ID: SV-230476r958752_rule
Version: RHEL-08-030660
Severity: Medium
References: CCI-001849
Updated: about 2 months ago

Remediation Templates

Allocate enough storage capacity for at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.

If audit records are stored on a partition made specifically for audit records, resize the partition with sufficient space to contain one week of audit records.

If audit records are not stored on a partition made specifically for audit records, a new partition with sufficient space will need be to be created.

RHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility.

Description

Remediation Templates

A Manual Procedure