1.1.11 Ensure separate partition exists for /var/log

Information

The /var/log directory is used by system services to store log data. There are two important reasons to ensure that system logs are stored on a separate partition: protection against resource exhaustion (since logs can grow quite large) and protection of audit data.

Solution

For new installations, during installation create a custom partition setup and specify a separate partition for /var/log. For systems that were previously installed, create a new partition and configure /etc/fstab as appropriate.
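
One way to verify the result of the steps above, as an added example that is not part of the benchmark or the plugin: it checks that /var/log is its own mount point both in the live mount table and in /etc/fstab. The function names, device names and sample files are constructed for illustration, and reading /proc/self/mounts by default is an assumption about the host.

```shell
# has_mount_point FILE DIR: succeed if DIR is the mount point (field 2) of a
# non-comment entry in a mounts- or fstab-format FILE. The match is exact, so
# a separate /var or /var/log/audit does not count as a separate /var/log.
has_mount_point() {
    awk -v dir="$2" '
        /^[[:space:]]*#/ { next }            # skip commented-out fstab lines
        NF >= 3 && $2 == dir { found = 1 }
        END { exit !found }
    ' "$1"
}

# check_var_log [MOUNTS] [FSTAB]
#   0 = separate mount, and persistent in fstab
#   1 = /var/log is not a separate mount
#   2 = mounted separately now but missing from fstab (lost on reboot)
check_var_log() {
    mounts=${1:-/proc/self/mounts}
    fstab=${2:-/etc/fstab}
    has_mount_point "$mounts" /var/log || return 1
    has_mount_point "$fstab" /var/log || return 2
    return 0
}

# Constructed sample data (not taken from a real host).
write_samples() {
    d=$1
    printf '%s\n' \
        '/dev/sda2 / ext4 rw,relatime 0 0' \
        '/dev/sda3 /var ext4 rw,relatime 0 0' \
        '/dev/sda5 /var/log/audit ext4 rw,relatime 0 0' > "$d/mounts.shared"
    { cat "$d/mounts.shared"
      echo '/dev/sda4 /var/log ext4 rw,relatime 0 0'; } > "$d/mounts.separate"
    printf '%s\n' \
        '#/dev/sda4 /var/log ext4 defaults 0 2' \
        '/dev/sda2 / ext4 defaults 0 1' > "$d/fstab.missing"
    { cat "$d/fstab.missing"
      echo '/dev/sda4 /var/log ext4 defaults 0 2'; } > "$d/fstab.ok"
}

# Run every combination of the constructed samples and print the result code.
tmp=$(mktemp -d) && write_samples "$tmp"
for m in shared separate; do for f in missing ok; do
    rc=0; check_var_log "$tmp/mounts.$m" "$tmp/fstab.$f" || rc=$?
    echo "mounts.$m + fstab.$f -> $rc"
done; done
rm -rf "$tmp"
```

On a live system, calling `check_var_log` with no arguments checks the running mount table and /etc/fstab.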

See Also

https://workbench.cisecurity.org/files/2171

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CSCv7|6.4

Plugin: Unix

Control ID: e898fbeec25d937e48236f15a1f49b69a04c41fb9d9c718f475ac0bc436a4717