RHEL 9 must write audit records to disk.
An XCCDF Rule
Description
Audit data should be synchronously written to disk to ensure log integrity. This setting assures that all audit event data is written disk.
- ID
- SV-258170r991589_rule
- Version
- RHEL-09-653105
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the audit system to write log files to the disk.
Edit the /etc/audit/auditd.conf file and add or update the "write_logs" option to "yes":
write_logs = yes
The audit daemon must be restarted for changes to take effect.