The Photon operating system must ensure audit events are flushed to disk at proper intervals.
An XCCDF Rule
Description
Without setting a balance between performance and ensuring all audit events are written to disk, performance of the system may suffer or the risk of missing audit entries may be too high.
- ID
- SV-256544r991589_rule
- Version
- PHTN-30-000074
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Navigate to and open:
/etc/audit/auditd.conf
Ensure the following line is present and any existing "flush" and "freq" settings are removed: