The Photon operating system must configure auditd to log space limit problems to syslog.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256529 | SRG-OS-000343-GPOS-00134 | PHTN-30-000057 | SV-256529r971542_rule | 2024-12-16 | 1 |
| Description |
|---|
| If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion. |
| ℹ️ Check |
|---|
| At the command line, run the following command: # grep "^space_left " /etc/audit/auditd.conf Expected result: space_left = 75 If the output does not match the expected result, this is a finding. |
| ✔️ Fix |
|---|
| Navigate to and open: /etc/audit/auditd.conf Ensure the "space_left" line is uncommented and set to the following: space_left = 75 At the command line, run the following commands: # killproc auditd -TERM # systemctl start auditd |