4.1.1.3 Ensure audit logs are not automatically deleted

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

In high security contexts, the benefits of maintaining a long audit history exceed the cost of storing the audit history.

Solution

Set the following parameter in /etc/audit/auditd.conf: max_log_file_action = keep_logs

See Also

https://workbench.cisecurity.org/files/1857

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5, CSCv6|6.3

Plugin: Unix

Control ID: f9405332a73761b8f76d83dd5ed1eee9031179199224347c448ac37c01cfb359