Detections
Analytics

1.386 RHEL-09-653105

Information

RHEL 9 must write audit records to disk.

GROUP ID: V-258170
RULE ID: SV-258170r991589

Audit data should be synchronously written to disk to ensure log integrity. This setting assures that all audit event data is written disk.

Solution

Configure the audit system to write log files to the disk.

Edit the /etc/audit/auditd.conf file and add or update the "write_logs" option to "yes":

write_logs = yes

The audit daemon must be restarted for changes to take effect.

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-258170r991589_rule, STIG-ID|RHEL-09-653105, Vuln-ID|V-258170

Plugin: Unix

Control ID: 03026981866ea44b1d3fe41bd2c457070003c503b929a3725b499acfe16b6ae1