Detections
Analytics

1.116 UBTU-22-651035

Information

The operating system must have a crontab script running weekly to offload audit events of standalone systems.

GROUP ID: V-260587
RULE ID: SV-260587r959008

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Offloading is a common process in information systems with limited audit storage capacity.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Create a script that offloads audit logs to external media and runs weekly.

The script must be located in the "/etc/cron.weekly" directory.

See Also

https://workbench.cisecurity.org/benchmarks/22168

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|III, CCI|CCI-001851, CSCv7|6.4, CSCv7|6.5, Rule-ID|SV-260587r959008_rule, STIG-ID|UBTU-22-651035, Vuln-ID|V-260587

Plugin: Unix

Control ID: c877989476acfd35e4a994337de7365617e1a7b20983d4e2d420361462cf4db2