1.174 UBTU-24-900950

Information

The operating system must have a crontab script running weekly to offload audit events of standalone systems.

GROUP ID: V-270817
RULE ID: SV-270817r1066940

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Offloading is a common process in information systems with limited audit storage capacity.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Create a script that offloads audit logs to external media and runs weekly.

The script must be located in the "/etc/cron.weekly" directory.
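A sketch of such a script, added here as an example (it is not taken from the STIG or from Tenable). The file name `audit-offload`, the mount point `/mnt/audit-offload` and the choice to delete a rotated log once its copy is verified are assumptions of this example.

```shell
#!/bin/sh
# Constructed example, meant to be installed as /etc/cron.weekly/audit-offload
# (root-owned, executable). run-parts skips names containing a dot: no ".sh".

SRC_DIR="${SRC_DIR:-/var/log/audit}"            # auditd's default log directory
DEST_MOUNT="${DEST_MOUNT:-/mnt/audit-offload}"  # assumed mount point of the media

# offload_audit_logs SRC DEST
# Copies rotated logs (audit.log.N) from SRC to DEST/<host>/<timestamp>/,
# compares SHA-256 of source and copy, and removes the source only when they
# match. The live audit.log is left in place for auditd.
# Returns non-zero if any file could not be copied or verified.
offload_audit_logs() {
    src=$1
    dest=$2/$(uname -n)/$(date +%Y%m%dT%H%M%S)
    rc=0
    mkdir -p "$dest" || return 1
    chmod 0700 "$dest"
    for f in "$src"/audit.log.*; do
        [ -f "$f" ] || continue              # glob matched nothing
        name=$(basename "$f")
        cp -p "$f" "$dest/$name" || { rc=1; continue; }
        want=$(sha256sum < "$f")
        got=$(sha256sum < "$dest/$name")
        if [ "$want" = "$got" ]; then
            rm -f "$f"                       # verified copy exists off-host
        else
            echo "audit-offload: checksum mismatch for $name" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Weekly entry point: write only when the external media is actually mounted,
# so logs are never "offloaded" onto the root filesystem by mistake.
# Messages go to stderr; cron mails job output when mail is configured.
if mountpoint -q "$DEST_MOUNT" 2>/dev/null; then
    offload_audit_logs "$SRC_DIR" "$DEST_MOUNT" ||
        echo "audit-offload: offload incomplete, see messages above" >&2
else
    echo "audit-offload: $DEST_MOUNT is not mounted, nothing offloaded" >&2
fi
```

After installing it, `run-parts --test /etc/cron.weekly` should list the script; if it does not, check the file name and the executable bit.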

See Also

https://workbench.cisecurity.org/benchmarks/22775