Audispd must take appropriate action when the SUSE operating system audit storage is full.

An XCCDF Rule

Details
Profiles

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

ID: SV-234979r1009576_rule
Version: SLES-15-030800
Severity: Medium
References: CCI-001851
Updated: about 2 months ago

Remediation Templates

Configure the SUSE operating system to take the appropriate action if the audit storage is full.

Add, edit, or uncomment the "disk_full_action" option in "/etc/audit/audisp-remote.conf". Set it to "syslog", "single" or "halt" as in the example below:

disk_full_action = syslog

Audispd must take appropriate action when the SUSE operating system audit storage is full.

Description

Remediation Templates

A Manual Procedure