The HPE 3PAR operating system must be configured to allocate audit record storage capacity to store at least one week of audit records, even though all audit records are immediately sent to a centralized audit record storage system (SIEM).
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-255282 | SRG-OS-000341-GPOS-00132 | HP3P-33-001700 | SV-255282r958752_rule | 2024-08-27 | 2 |
| Description |
|---|
| To ensure operating systems have a sufficient storage capacity in which to write the audit logs, operating systems need to be able to allocate audit record storage capacity. The task of allocating audit record storage capacity is usually performed during initial installation of the operating system. |
| ℹ️ Check |
|---|
| To verify the logging capacity is set to the maximum value of "4", enter the following command: cli% showsys -param In the resulting list of configured parameters and values, if the following line does not appear, this is a finding. cli% EventLogSize : 4M |
| ✔️ Fix |
|---|
| Enter the following command to configure the audit logging capacity for the maximum storage value: cli% setsys EventLogSize 4M |