The audit system must alert the SA when the audit storage volume approaches its capacity.

An XCCDF Rule

Details
Profiles

Description

Filling the audit storage area can result in a denial of service or system outage and can lead to events going undetected.

ID: SV-219965r971542_rule
Version: SOL-11.1-010370
Severity: Medium
References: CCI-001855
Updated: about 2 months ago

Remediation Templates

The root role is required. 

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename
If the command output is "global", this action applies.

Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# pfedit /etc/mail/aliases

Insert a line in the form:
audit_warn:user1,user2

Put the updated aliases file into service.
# newaliases

The audit system must alert the SA when the audit storage volume approaches its capacity.

Description

Remediation Templates

A Manual Procedure