STIG ID: ALMA-09-054690 | SRG: SRG-OS-000051-GPOS-00024 | Severity: medium | CCI: | Vulnerability Id: V-269531
If option "freq" is not set to a value that requires audit records being written to disk after a threshold number is reached, then audit records may be lost.
Configure AlmaLinux OS 9 to flush audit to disk by adding or updating the following rule in "/etc/audit/auditd.conf":
freq = 100
The audit daemon must be restarted for the changes to take effect.
Verify that audit system is configured to flush to disk after every 100 records with the following command:
$ grep freq /etc/audit/auditd.conf
freq = 100
If "freq" is not set to a value between "1" and "100", the value is missing, or the line is commented out, this is a finding.