PHTN-67-000060 - The Photon operating system must configure auditd to log space limit problems to syslog.

Information

If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for audit record storage capacity expansion.

Solution

Open /etc/audit/auditd.conf with a text editor.

Ensure that the 'space_left' line is uncommented and set to the following:

space_left = 75

At the command line, execute the following command:

# service auditd reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(1), CAT|II, CCI|CCI-001855, Rule-ID|SV-239131r675201_rule, STIG-ID|PHTN-67-000060, Vuln-ID|V-239131

Plugin: Unix

Control ID: 7b9f19b146d64f1d5371c95b3eac87d47af1f7aab94749ee9fb9cd605a49cd2e