Ensure /var/log/audit Located On Separate Partition

An XCCDF Rule

Description

Audit logs are stored in the /var/log/audit directory. Ensure that /var/log/audit has its own partition or logical volume at installation time, or migrate it using LVM. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.

Rationale

Placing /var/log/audit in its own partition enables better separation between audit files and other files, and helps ensure that auditing cannot be halted due to the partition running out of space.

ID: xccdf_org.ssgproject.content_rule_partition_for_var_log_audit
Severity: Low
References: BP28(R43)

1 12 13 14 15 16 2 3 5 6 8

APO11.04 APO13.01 BAI03.05 BAI04.04 DSS05.02 DSS05.04 DSS05.07 MEA02.01

CCI-000366 CCI-001849

164.312(a)(2)(ii)

4.3.3.3.9 4.3.3.5.8 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 2.10 SR 2.11 SR 2.12 SR 2.8 SR 2.9 SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.2 SR 7.6

A.12.1.3 A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.7.1 A.13.1.1 A.13.2.1 A.14.1.3 A.17.2.1

CIP-007-3 R6.5

AU-4 CM-6(a) SC-5(2)

PR.DS-4 PR.PT-1 PR.PT-4

FMT_SMF_EXT.1

SRG-OS-000341-GPOS-00132 SRG-OS-000480-GPOS-00227

OL08-00-010542

SV-248610r779396_rule

SRG-APP-000357-CTR-000800
Updated: about 1 year ago


part /var/log/audit

Ensure /var/log/audit Located On Separate Partition

Description

Rationale

Remediation - Anaconda Pre-Install Instructions