AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Taking appropriate action in case of a filled audit storage volume will minimize the possibility of losing audit records.

Solution

Edit the /etc/security/audit/config file and add/modify the following values:

Note: The values for 'binsize' and 'freespace' are the minimum required values. These values can be increased to meet organizationally defined values that exceed the listed values.

bin:
trail = /audit/trail
bin1 = /audit/bin1
bin2 = /audit/bin2
binsize = 25000
cmds = /etc/security/audit/bincmds
freespace = 65536
backuppath = /audit
backupsize = 0
bincompact = off

Restart the audit process:
# /usr/sbin/audit shutdown
# /usr/sbin/audit start

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R5_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001851, Rule-ID|SV-219956r508663_rule, STIG-ID|AIX7-00-002017, STIG-Legacy|SV-109109, STIG-Legacy|V-100005, Vuln-ID|V-219956

Plugin: Unix

Control ID: d7b09f555f9ee9b4a056ce51f24535b90838c31fd31dc48a9f2c0fedd98ddb53