The Oracle Linux operating system must use a separate file system for the system audit data path large enough to hold at least one week of audit data.

STIG ID: OL07-00-021330 |  SRG: SRG-OS-000341-GPOS-00132 |  Severity: low |  CCI:  | Vulnerability Id: V-221756

Vulnerability Discussion

The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.

Check

Migrate the system audit data path onto an appropriately sized separate file system to store at least one week of audit records.

Fix

Determine if the operating system is configured to have the "/var/log/audit" path is on a separate file system.

# grep /var/log/audit /etc/fstab

If no result is returned, or the operating system is not configured to have "/var/log/audit" on a separate file system, this is a finding.

Verify that "/var/log/audit" is mounted on a separate file system:

# mount | grep "/var/log/audit"

If no result is returned, or "/var/log/audit" is not on a separate file system, this is a finding.

Verify the size of the audit file system:

# df -h /var/log/audit

If the size is insufficient for a week of audit data, this is a finding.