AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact

Information

Taking appropriate action in case of a filled audit storage volume will minimize the possibility of losing audit records.

Solution

Edit the /etc/security/audit/config file and add/modify the following values:

Note: The values for 'binsize' and 'freespace' are the minimum required values. These values can be increased to meet organizationally defined values that exceed the listed values.

bin:
trail = /audit/trail
bin1 = /audit/bin1
bin2 = /audit/bin2
binsize = 25000
cmds = /etc/security/audit/bincmds
freespace = 65536
backuppath = /audit
backupsize = 0
bincompact = off

Restart the audit process:
# /usr/sbin/audit shutdown
# /usr/sbin/audit start

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R6_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001851, Rule-ID|SV-219956r508663_rule, STIG-ID|AIX7-00-002017, STIG-Legacy|SV-109109, STIG-Legacy|V-100005, Vuln-ID|V-219956

Plugin: Unix

Control ID: 29e59ce4f16909ee7077a05174f3e6fc4059322d3a4221f896309459d4f9201e