CCI|CCI-001851

Title

The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.200 - The system must be configured to use the au-remote plugin.UnixTenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - directionUnixTenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - pathUnixTenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - typeUnixTenable Fedora Linux Best Practices v2.0.0
3.0210 - The system must take appropriate action when the audisp-remote buffer is full.UnixTenable Fedora Linux Best Practices v2.0.0
3.0211 - The system must label all off-loaded audit logs before sending them to the central log server.UnixTenable Fedora Linux Best Practices v2.0.0
4.1.2.3 Ensure audit system is set to single when the disk is full.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.6 Ensure audit system action is defined for sending errorsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.8 Ensure audit logs are stored on a different system.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.9 Ensure audit logs on separate system are encrypted.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - directionUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - pathUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - typeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.12 Ensure action is taken when audisp-remote buffer is fullUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.13 Ensure off-loaded audit logs are labeled.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is fullUnixDISA STIG AIX 7.x v2r8
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppathUnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppathUnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppathUnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppathUnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsizeUnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsizeUnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsizeUnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsizeUnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1UnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1UnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1UnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1UnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2UnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2UnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2UnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2UnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompactUnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompactUnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompactUnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompactUnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsizeUnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsizeUnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsizeUnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsizeUnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmdsUnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmdsUnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmdsUnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmdsUnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespaceUnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespaceUnixDISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespaceUnixDISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespaceUnixDISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trailUnixDISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trailUnixDISA STIG AIX 7.x v2r6