Description
Audit logs are stored in the /var/log/audit directory. Ensure that /var/log/audit has its own partition or logical volume at installation time, or migrate it using LVM. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.
Rationale
Placing /var/log/audit in its own partition enables better separation between audit files and other files, and helps ensure that auditing cannot be halted due to the partition running out of space.
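One way to verify this rule on a host, shown as an added example (it is not the SCAP Security Guide's own check content): the script tests that /var/log/audit appears as a mount point of its own, both in the running mount table and in fstab so the layout survives a reboot. The function names, the return codes and the sample device names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Mount files use the fstab / /proc/mounts layout:
#   device  mount-point  fstype  options  dump  pass

# has_mount_entry TARGET FILE
# Succeeds when FILE has a non-comment entry whose mount point is exactly TARGET.
has_mount_entry() {
    awk -v target="${1%/}" '
        $1 ~ /^#/ { next }                          # skip commented-out entries
        NF >= 3 {
            mp = $2
            if (length(mp) > 1) sub(/\/$/, "", mp)  # tolerate a trailing slash
            if (mp == target) found = 1             # exact match, not a prefix
        }
        END { exit !found }
    ' "$2"
}

# check_audit_partition [MOUNTS_FILE] [FSTAB_FILE]
# 0 = mounted separately and persistent, 1 = not separate, 2 = not in fstab.
check_audit_partition() {
    target=/var/log/audit
    if ! has_mount_entry "$target" "${1:-/proc/mounts}"; then
        echo "FAIL: $target is not a separate mount"; return 1
    fi
    if ! has_mount_entry "$target" "${2:-/etc/fstab}"; then
        echo "WARN: $target is mounted but has no fstab entry"; return 2
    fi
    echo "PASS: $target has its own partition or logical volume"
}

# Constructed sample data (hypothetical device names, not from a real host).
write_samples() {
    printf '%s\n' \
        '/dev/mapper/vg0-root / xfs rw,relatime 0 0' \
        '/dev/mapper/vg0-var /var xfs rw,relatime 0 0' > "$1/mounts.shared"
    { cat "$1/mounts.shared"
      echo '/dev/mapper/vg0-audit /var/log/audit xfs rw,nodev,nosuid 0 0'
    } > "$1/mounts.separate"
    printf '%s\n' \
        '#/dev/mapper/vg0-old  /var/log/audit  xfs defaults 0 0' \
        '/dev/mapper/vg0-audit /var/log/audit/ xfs defaults,nodev,nosuid 0 0' \
        > "$1/fstab.ok"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
check_audit_partition "$demo_dir/mounts.separate" "$demo_dir/fstab.ok"
check_audit_partition "$demo_dir/mounts.shared" "$demo_dir/fstab.ok" || true
rm -rf "$demo_dir"
```

On a live host, calling check_audit_partition with no arguments reads /proc/mounts and /etc/fstab. A host that defines the mount through a systemd mount unit instead of fstab will report WARN.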
- ID
xccdf_org.ssgproject.content_rule_partition_for_var_log_audit
- References
CSC: Critical Security Controls
COBIT®: Control Objectives for Information and Related Technologies
CCI: Control Correlation Identifier
HIPAA: Health Insurance Portability and Accountability Act
ISA-62443-2-1-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
ANSI/ISA-62443-3-3 (99.03.03)-2013 Security for industrial automation and control systems Part 3-3: System security requirements and security levels
CIP: Critical Infrastructure Protection
NIST Special Publication 800-53 (Revision 4): Security and Privacy Controls for Federal Information Systems and Organizations
Framework for Improving Critical Infrastructure Cybersecurity
OSPP: Protection Profile for General Purpose Operating Systems
GPOS SRG: General Purpose Operating System Security Requirements Guide
STIG: Security Technical Implementation Guides for UNIX/Linux Operating Systems
CIS for SuSE Linux Enterprise Server
CCE: Common Configuration Enumeration
CTR SRG: Container Platform Security Requirements Guide
STIG References, Finding IDs and Rule IDs